Malware Analysis Report

2025-03-14 22:51

Sample ID 240406-1hhjqsbf9v
Target 61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef
SHA256 61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef

Threat Level: Known bad

The file 61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 21:38

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 21:38

Reported

2024-04-06 21:41

Platform

win7-20231129-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast public glans sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\System32\DriverStore\Temp\japanese animal trambling masturbation hole .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\italian fetish sperm [milf] feet high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\danish animal gay full movie (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian action horse big hole (Gina,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\IME\shared\american porn gay sleeping (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\hardcore girls penetration .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\tyrkish kicking beast girls boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\IME\shared\bukkake girls cock pregnant (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lesbian [free] high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish gang bang lingerie big hole .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\danish kicking sperm [bangbus] mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian nude lingerie several models hole circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\beast [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\DVD Maker\Shared\swedish kicking fucking sleeping titts fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Windows Journal\Templates\brasilian nude trambling masturbation titts lady (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian beastiality beast catfight (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\indian porn lesbian [milf] cock ejaculation (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Google\Temp\tyrkish fetish lingerie sleeping feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\swedish porn bukkake [free] cock .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish action lingerie licking sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish beastiality beast several models .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\swedish animal fucking lesbian (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\trambling hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian horse gay masturbation penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\handjob bukkake masturbation glans .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\british xxx public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\british sperm masturbation shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\porn lingerie [milf] 40+ (Kathrin,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lesbian licking YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\brasilian action bukkake big .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\blowjob sleeping leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\spanish horse full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish cumshot trambling licking glans penetration (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\kicking bukkake girls 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\italian horse hardcore public (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish horse gay lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish animal fucking sleeping feet penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\canadian lesbian big ìï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\french xxx hidden castration (Gina,Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\action blowjob voyeur cock upskirt (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\cum blowjob licking feet (Kathrin,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\blowjob hot (!) hole ìï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\brasilian action lingerie masturbation stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\american horse gay [milf] (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\black cum lesbian voyeur ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\bukkake sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\british gay [free] (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\french lingerie [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\sperm masturbation glans .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\gay masturbation (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\italian horse lingerie [free] glans mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\fucking public feet high heels (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\black horse lesbian lesbian (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\cum hardcore [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\gang bang blowjob catfight blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\indian handjob lingerie lesbian cock penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\beastiality sperm hidden ìï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\action blowjob hot (!) feet hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SoftwareDistribution\Download\indian cum xxx sleeping (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\sperm [free] girly .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\cumshot fucking hot (!) titts .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\canadian beast masturbation ìï (Sandy,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black horse fucking girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\sperm [bangbus] hole circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\gay big 40+ (Anniston,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\danish gang bang beast big titts wifey (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\Downloaded Program Files\beast uncut cock circumcision (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\Temp\horse catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\malaysia blowjob licking titts .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\canadian sperm several models hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\asian horse hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\norwegian lingerie full movie latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\handjob sperm public ìï .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\security\templates\lesbian hot (!) glans latex (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\russian gang bang gay voyeur 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\african trambling voyeur hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\brasilian gang bang gay public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\InstallTemp\cum sperm full movie hole upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lingerie full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\hardcore [bangbus] (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\norwegian beast public titts fishy (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\italian animal xxx sleeping titts fishy (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\canadian lesbian catfight granny .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\beast several models feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\lesbian [free] bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\nude beast [milf] ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\german sperm masturbation glans 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2948 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2948 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2948 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2948 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2756 wrote to memory of 584 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2756 wrote to memory of 584 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2756 wrote to memory of 584 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2756 wrote to memory of 584 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

Processes

C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 44.124.92.50.in-addr.arpa udp
US 8.8.8.8:53 110.71.250.193.in-addr.arpa udp
US 8.8.8.8:53 208.134.225.115.in-addr.arpa udp
US 8.8.8.8:53 246.71.133.138.in-addr.arpa udp
US 8.8.8.8:53 122.46.231.16.in-addr.arpa udp
US 8.8.8.8:53 101.90.209.250.in-addr.arpa udp
US 8.8.8.8:53 111.60.135.20.in-addr.arpa udp
US 8.8.8.8:53 174.72.154.16.in-addr.arpa udp
US 8.8.8.8:53 239.242.154.92.in-addr.arpa udp
US 8.8.8.8:53 52.75.30.150.in-addr.arpa udp
US 8.8.8.8:53 200.50.158.21.in-addr.arpa udp
US 8.8.8.8:53 12.91.16.19.in-addr.arpa udp
US 8.8.8.8:53 24.66.66.134.in-addr.arpa udp
US 8.8.8.8:53 90.101.203.212.in-addr.arpa udp
US 8.8.8.8:53 224.138.164.105.in-addr.arpa udp
US 8.8.8.8:53 139.122.4.49.in-addr.arpa udp
US 8.8.8.8:53 235.34.226.95.in-addr.arpa udp
US 8.8.8.8:53 250.112.178.234.in-addr.arpa udp
US 8.8.8.8:53 27.119.22.247.in-addr.arpa udp
US 8.8.8.8:53 101.156.205.10.in-addr.arpa udp
US 8.8.8.8:53 227.225.35.145.in-addr.arpa udp
US 8.8.8.8:53 19.247.245.170.in-addr.arpa udp
US 8.8.8.8:53 203.202.143.247.in-addr.arpa udp
US 8.8.8.8:53 196.235.61.222.in-addr.arpa udp
US 8.8.8.8:53 115.247.214.46.in-addr.arpa udp
US 8.8.8.8:53 69.68.107.205.in-addr.arpa udp
US 8.8.8.8:53 186.98.249.87.in-addr.arpa udp
US 8.8.8.8:53 142.44.126.107.in-addr.arpa udp

Files

memory/2948-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish beastiality beast several models .rar.exe

MD5 a0f15397fb2cddd2800dbc2542095e79
SHA1 05c2569d9d3f7fa161fae33fa6012c27fcce15b3
SHA256 d00fb269d85dfaa6a59cac95724aaaf0d252c23cde8e4d7e3212cbc6588af81e
SHA512 6c5e6408f16bd086c82adae92691a6880ce9b55c25144f834de983fa65706b7541966c220931bf2db47b1b9dff15bf396896a662b4b24d471cc40d7c291d929b

memory/2948-66-0x0000000001E80000-0x0000000001E9E000-memory.dmp

memory/2756-67-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2756-90-0x0000000004AA0000-0x0000000004ABE000-memory.dmp

memory/584-91-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-95-0x0000000000400000-0x000000000041E000-memory.dmp

C:\debug.txt

MD5 789a9f5b497da0e4057d68c8acda8b22
SHA1 f2c2544f9a95c65363776362eb111cc9e91be2d1
SHA256 e4e71a7a1c0e3113d2078ad8c9309e4882c690032ae0927e87b4d4e862043929
SHA512 109e178daa79f34a1199c27588998010c1d0c5b9dd6d9eed4562218a8b3b182301d04fb9f913e67c5f2cf2e8c5187277d2ee9f637840429232d4c40b659dcdd7

memory/2756-104-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-106-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-108-0x0000000001E80000-0x0000000001E9E000-memory.dmp

memory/2756-110-0x0000000004AA0000-0x0000000004ABE000-memory.dmp

memory/2948-111-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-114-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-117-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-122-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-125-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-128-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-131-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-134-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-137-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-140-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-143-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2948-146-0x0000000000400000-0x000000000041E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 21:38

Reported

2024-04-06 21:41

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\russian porn hot (!) feet castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french cumshot beastiality public hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian fucking hardcore big .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\canadian hardcore uncut upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm beastiality voyeur boobs .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\asian lesbian big ash (Melissa,Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\handjob catfight young (Curtney,Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\chinese fetish beastiality several models ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\System32\DriverStore\Temp\indian handjob public YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\norwegian cum nude girls nipples Ôï .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\horse several models mistress (Christine,Jenna).zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\chinese bukkake uncut titts blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\british action handjob lesbian boobs shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian lingerie horse big black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\african trambling [bangbus] (Ashley,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\fetish bukkake voyeur ejaculation (Ashley,Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Google\Temp\spanish fetish gang bang big vagina .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\action [free] titts .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish kicking porn girls cock (Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse licking castration .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\italian bukkake full movie gorgeoushorny (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\blowjob masturbation latex .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Common Files\microsoft shared\hardcore sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia lesbian masturbation hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\canadian bukkake porn [bangbus] glans bondage (Jade,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\asian horse uncut (Sylvia,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beast hot (!) ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\dotnet\shared\beast masturbation castration .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\sperm cumshot lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\animal gang bang uncut lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\french cum sperm masturbation (Sonja,Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\CbsTemp\american sperm handjob several models (Ashley,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\asian horse animal hot (!) (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\animal hardcore catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\chinese cumshot uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\asian cumshot licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\porn beast masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\cum [bangbus] gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\cum several models penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\tyrkish fetish beastiality lesbian stockings (Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\action uncut wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\spanish blowjob uncut (Liz,Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\cum licking traffic (Sylvia,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\xxx animal public .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\handjob blowjob [bangbus] balls (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\animal several models ash beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\black gay horse [milf] ash stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\chinese nude lingerie voyeur vagina .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\animal [free] circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\african blowjob catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\malaysia horse big hole penetration (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\japanese bukkake full movie feet .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\blowjob masturbation glans mistress (Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\trambling nude catfight feet castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\japanese horse [free] swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\norwegian fetish uncut feet girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\asian nude porn lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\canadian beast catfight boobs 50+ (Curtney,Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\black fucking fucking big hole ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\italian xxx fucking public (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\cumshot nude hot (!) YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\PLA\Templates\french gay sleeping shower (Samantha,Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\french blowjob catfight vagina ΋ .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\black hardcore [free] girly (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\spanish beastiality masturbation (Sonja,Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\danish sperm cumshot voyeur circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\beast hot (!) swallow (Sandy,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\african beast blowjob big ejaculation (Liz,Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\japanese hardcore big redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\cumshot kicking full movie hole (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\cum [free] (Anniston,Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\french fucking beast girls granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\russian cum kicking catfight nipples (Liz,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\french lingerie catfight shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\italian beast [bangbus] high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\german action big mature (Christine,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\fetish catfight young .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\Downloaded Program Files\porn action voyeur vagina ejaculation (Britney,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\british gang bang beastiality uncut mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\blowjob horse [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\lingerie hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\gay hot (!) high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\german horse porn lesbian hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\gay sleeping wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\beastiality hardcore several models castration (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\italian nude voyeur Ôï .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\cumshot [milf] nipples 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\trambling bukkake big boobs .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\brasilian beast fetish big legs (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\tyrkish kicking fetish catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\handjob fucking catfight upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\indian lingerie porn catfight hole traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2648 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2648 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2648 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2648 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2648 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2648 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2244 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2244 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe
PID 2244 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

Processes

C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe

"C:\Users\Admin\AppData\Local\Temp\61d6d34e6f1c55cadd529769e099f2bd1d11e65862d0d4bafbb5d35c83dfcdef.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 157.13.229.108.in-addr.arpa udp
US 8.8.8.8:53 19.233.67.56.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 8.45.208.225.in-addr.arpa udp
US 8.8.8.8:53 253.75.250.104.in-addr.arpa udp
US 8.8.8.8:53 222.194.132.7.in-addr.arpa udp
US 8.8.8.8:53 130.133.46.165.in-addr.arpa udp
US 8.8.8.8:53 127.66.119.92.in-addr.arpa udp
US 8.8.8.8:53 215.218.202.118.in-addr.arpa udp
US 8.8.8.8:53 237.51.114.181.in-addr.arpa udp
US 8.8.8.8:53 215.166.239.188.in-addr.arpa udp
US 8.8.8.8:53 143.111.27.202.in-addr.arpa udp
US 8.8.8.8:53 191.227.12.191.in-addr.arpa udp
US 8.8.8.8:53 238.62.17.245.in-addr.arpa udp
US 8.8.8.8:53 56.131.18.202.in-addr.arpa udp
US 8.8.8.8:53 154.145.75.66.in-addr.arpa udp
US 8.8.8.8:53 255.31.167.203.in-addr.arpa udp
US 8.8.8.8:53 216.210.67.151.in-addr.arpa udp
US 8.8.8.8:53 135.137.131.40.in-addr.arpa udp
US 8.8.8.8:53 227.222.67.198.in-addr.arpa udp
US 8.8.8.8:53 209.155.85.117.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 63.15.41.75.in-addr.arpa udp
US 8.8.8.8:53 115.16.100.63.in-addr.arpa udp
US 8.8.8.8:53 28.145.135.63.in-addr.arpa udp
US 8.8.8.8:53 252.242.63.116.in-addr.arpa udp
US 8.8.8.8:53 255.254.6.86.in-addr.arpa udp
US 8.8.8.8:53 172.126.152.115.in-addr.arpa udp
US 8.8.8.8:53 218.112.149.93.in-addr.arpa udp
US 8.8.8.8:53 192.60.124.37.in-addr.arpa udp
US 8.8.8.8:53 149.166.227.49.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 156.150.28.16.in-addr.arpa udp
US 8.8.8.8:53 87.111.190.110.in-addr.arpa udp
US 8.8.8.8:53 139.14.140.71.in-addr.arpa udp
US 8.8.8.8:53 252.114.138.243.in-addr.arpa udp
US 8.8.8.8:53 189.142.139.244.in-addr.arpa udp
US 8.8.8.8:53 214.30.203.239.in-addr.arpa udp
US 8.8.8.8:53 169.112.12.53.in-addr.arpa udp
US 8.8.8.8:53 102.70.174.6.in-addr.arpa udp
US 8.8.8.8:53 216.188.251.180.in-addr.arpa udp
US 8.8.8.8:53 36.23.20.252.in-addr.arpa udp
US 8.8.8.8:53 15.27.109.19.in-addr.arpa udp
US 8.8.8.8:53 173.87.207.200.in-addr.arpa udp
US 8.8.8.8:53 157.61.171.163.in-addr.arpa udp
US 8.8.8.8:53 52.71.166.128.in-addr.arpa udp
US 8.8.8.8:53 205.176.53.49.in-addr.arpa udp
US 8.8.8.8:53 146.207.72.1.in-addr.arpa udp
US 8.8.8.8:53 179.68.1.105.in-addr.arpa udp
US 8.8.8.8:53 70.106.82.171.in-addr.arpa udp
US 8.8.8.8:53 226.87.42.227.in-addr.arpa udp
US 8.8.8.8:53 134.238.191.179.in-addr.arpa udp
US 8.8.8.8:53 100.115.159.133.in-addr.arpa udp
US 8.8.8.8:53 197.131.176.250.in-addr.arpa udp
US 8.8.8.8:53 192.60.237.195.in-addr.arpa udp
US 8.8.8.8:53 48.188.171.90.in-addr.arpa udp
US 8.8.8.8:53 15.133.61.197.in-addr.arpa udp
US 8.8.8.8:53 119.191.171.201.in-addr.arpa udp
US 8.8.8.8:53 117.74.229.27.in-addr.arpa udp
US 8.8.8.8:53 197.158.212.28.in-addr.arpa udp
US 8.8.8.8:53 253.115.25.90.in-addr.arpa udp
US 8.8.8.8:53 21.50.197.120.in-addr.arpa udp
US 8.8.8.8:53 55.241.94.68.in-addr.arpa udp
US 8.8.8.8:53 16.76.198.201.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

memory/2648-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia lesbian masturbation hotel .mpg.exe

MD5 5dd04a3278e4076f1fb292cd91d009b3
SHA1 d07ea3c605e534af2ca3b626fc8afa38434dfe7b
SHA256 c894edbbebb5134ce16bcf92ad38459f59c714347456221850ed6898b0c635ba
SHA512 3cad78a8cadddb26bf3fab23cfa293f64a910a434b3d57155afc4470caf082cb18195d0e630ea806be080cb9dd092766d2a2bb7aec01a7506b134595917088bd

memory/2244-119-0x0000000000400000-0x000000000041E000-memory.dmp

memory/5064-165-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-182-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2244-183-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1320-184-0x0000000000400000-0x000000000041E000-memory.dmp

memory/5064-185-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-187-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-188-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-194-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-204-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-208-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-213-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-217-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-221-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-225-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-229-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-233-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-237-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-241-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2648-245-0x0000000000400000-0x000000000041E000-memory.dmp