Malware Analysis Report

2025-03-14 22:45

Sample ID 240406-1tachacb5y
Target 69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456
SHA256 69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456
Tags
persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456

Threat Level: Known bad

The file 69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 21:55

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 21:55

Reported

2024-04-06 21:58

Platform

win10v2004-20240319-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3504 wrote to memory of 388 N/A C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
PID 3504 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
PID 388 wrote to memory of 3532 N/A C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

Processes

C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4480 --field-trial-handle=2292,i,2927097380497635931,2014459809064723663,262144 --variations-seed-version /prefetch:8

Network


Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx animal uncut bedroom .mpg.exe

MD5 90154a61293c1a3eb14e25937c895f22
SHA1 35c125877617a14b628a24697e96a68bf4716249
SHA256 5ec28da1367154e6a4dd63ddb3bb0a1a5a80d682984a6ebbb4d3bed8e3e7f65d
SHA512 83c54b1619299fa134e9927c12d41b5654b96af88885b8109765b2531791de6491bc408a3cfd050db2223d692791d10ccf8315175b85c85830b873d3b3319642

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 21:55

Reported

2024-04-06 21:58

Platform

win7-20240221-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\italian fetish xxx public .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black action bukkake voyeur cock .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian porn lingerie [bangbus] bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian cumshot lingerie masturbation glans femdom (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\beast voyeur granny .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese cum sperm full movie glans castration .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\System32\DriverStore\Temp\swedish animal gay voyeur swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\SysWOW64\IME\shared\trambling masturbation feet leather .zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\hardcore masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\SysWOW64\IME\shared\tyrkish porn fucking several models hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\lingerie hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\lesbian big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american horse blowjob [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish porn fucking hot (!) glans redhair (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files\Windows Journal\Templates\black cum sperm full movie cock .rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Google\Temp\indian fetish hardcore hidden hole bedroom (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore big circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\blowjob masturbation traffic (Kathrin,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\bukkake [bangbus] feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\fucking uncut hole .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\trambling several models .rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lingerie several models (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\japanese nude lesbian uncut femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\black action horse [milf] sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\swedish porn gay licking cock mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\asian horse lesbian glans sweet (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\hardcore public hole high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\african lingerie hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\nude bukkake public girly (Sandy,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\american action blowjob catfight titts .zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian porn beast [bangbus] circumcision (Christine,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian porn hardcore masturbation mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\cumshot sperm lesbian cock hotel (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\african blowjob girls glans pregnant (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\norwegian fucking big (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\beastiality horse masturbation balls .rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\beast sleeping titts (Kathrin,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\brasilian animal lingerie catfight pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\chinese fucking full movie mature .zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\lesbian [bangbus] hole fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\PLA\Templates\tyrkish animal lingerie public ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\gang bang gay masturbation (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\brasilian cum blowjob girls granny .rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\horse hardcore hot (!) glans traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\beastiality lesbian hot (!) granny (Anniston,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\security\templates\fucking hot (!) (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian handjob gay lesbian hole sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\beastiality fucking big feet traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian handjob fucking licking fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\lingerie [bangbus] cock (Anniston,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\animal sperm several models cock .rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\fetish bukkake full movie hole castration (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\kicking bukkake catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\kicking horse several models hole ìï .rar.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
PID 2812 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

Processes

C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe

"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\fucking uncut hole .avi.exe

MD5 7d5e4fc57582d3a61f14c4d6445c27b6
SHA1 bd2d06972dc95aa0d39e0dea8b5d27f4bbbb27a0
SHA256 576e74fb4b303ec80ac1f9008edd08ad340b7374cee1746377a97dddc754ec93
SHA512 c12246f18698c1f67d39a5720108ed0fa0bb66c8d2265866b983eb090d40a388ff325ca225ddcb60de1efbd3ced279282764b782a57bacfda24465983ecc63c5

C:\debug.txt

MD5 d2733faed99a00ac4ab804f97eaa728c
SHA1 494d6ff3faddc515c72660a641a2b8d2e33f87c4
SHA256 f22456c001d754b925cec4f7d329d108dc3bcbd2535900f7ab130d727e9d19ce
SHA512 efa53d1e33090e6bb7fe4b1732be4d1b240f7d1193a045ab3c84030ccd7d129af317b6388b9bd2201b2f9dde91afdcc65502e22793d8bd04ea2c51696c524daf