Malware Analysis Report

2025-08-05 09:59

Sample ID 240403-xxr5yaaa9t
Target 1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc
SHA256 1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc
Tags: upx persistence spyware stealer
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:14

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:14

Reported

2024-04-03 19:16

Platform

win7-20240221-en

Max time kernel

153s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2372 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
PID 2620 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

Network

Country Destination Domain Proto

Files

memory/2372-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\american animal horse public glans beautyfull (Tatjana).mpg.exe

MD5 7ce1a4452f29952bad61719e45c6a075
SHA1 fba5b000102bb86fb417ad5f40a4532324b291cf
SHA256 d8ca40097151b97a7951da13170065c0953b798ff565778b96da71a7938023a3
SHA512 456bc8df0e24329b015dc853effb017285b3d25f71a80d037c0a5d5b60205145a23f438e7fcd81faf555ebcefbdb75b4bf3a86386a84e66bb5d2970ce6fc6d3f

C:\debug.txt

MD5 c065747785e95940923644a7bf5713ea
SHA1 c405c31b3681d580fc5135259a7fccd18aeafcee
SHA256 2ab3dea31ba37d8786e2aefb008d6360f446652214f3dca41e231f7bac0101bd
SHA512 78d2fc02cb326a91802205bc02bebc08bd6d583d5de8b1a499385e89721921df8aba40fad85d9499d59a0a6f7c07e401c08ff9b3d00edf8dc8ea372dc018764f

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:14

Reported

2024-04-03 19:16

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\LogFiles\Fax\Incoming\hardcore cumshot catfight hole hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian gay hot (!) cock bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\porn public hole pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\hardcore [milf] (Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese action catfight feet boots .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling girls cock sm (Liz,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\xxx blowjob public .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\System32\DriverStore\Temp\animal horse [bangbus] ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\spanish lesbian sleeping granny (Jenna,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\sperm public .mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\porn bukkake voyeur nipples shower (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Shared Gadgets\gang bang full movie titts gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse girls ΋ .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm [bangbus] redhair (Britney,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\dotnet\shared\american fetish licking .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\russian cumshot masturbation ash shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lesbian beastiality full movie (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african sperm uncut shower (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Google\Temp\spanish gang bang girls wifey (Anniston,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\bukkake [bangbus] leather .rar.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\canadian fetish big 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lingerie gay catfight lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\animal hardcore lesbian glans 40+ (Sonja,Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian hardcore hot (!) girly .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\french gay nude big .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\horse [free] girly .rar.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\canadian blowjob bukkake hidden boobs .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\sperm xxx public boobs shower (Tatjana,Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\indian fucking fucking public (Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\russian lingerie porn [bangbus] (Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\canadian hardcore beast hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\brasilian fucking fetish [milf] ash stockings (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\horse nude hidden boots (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\kicking lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\animal catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\swedish bukkake kicking several models nipples lady .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\Downloaded Program Files\indian animal several models traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\french sperm fucking catfight penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\african sperm big mature .rar.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\malaysia gang bang gang bang hot (!) hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\swedish beastiality sleeping pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\trambling fucking hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\danish horse catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\PLA\Templates\gang bang horse hot (!) blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\african horse trambling big bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\SoftwareDistribution\Download\tyrkish fetish porn big black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\french gay nude uncut ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\danish bukkake uncut gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\danish beastiality sleeping nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\indian cum xxx lesbian shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\french porn lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\cumshot action catfight cock penetration (Christine,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\action porn [free] boobs leather .rar.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\indian beastiality [milf] 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\sperm [free] ash castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\canadian fucking voyeur glans .avi.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2484 wrote to memory of 1520 N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
PID 2484 wrote to memory of 3760 N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
PID 1520 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe

"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"

Network

Country Destination Domain Proto

Files

memory/2484-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian hardcore hot (!) girly .zip.exe

MD5 dda7e1512cbb4df04374387beda072e8
SHA1 3537e3083ce5f1f49afa5a7e4babb7ba9f91b8fb
SHA256 cd1054eabdaf124b7eee5cfe674c0822d46ec5e40c24013bc4f0706010f26302
SHA512 8726227c3a624817b596cd278c4fd9cc6c5001acdb6c070d7c83e011aa4bd7642bca37bd6620eb2862a00032c30367c6fd49e5f1e0cb33ee629cbde008502d96
