Malware Analysis Report

2025-03-14 22:35

Sample ID: 240406-2cp73ade33
Target: 76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733
SHA256: 76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733
Tags: persistence, spyware, stealer, upx
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733

Threat Level: Known bad

The file 76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 22:26

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 22:26

Reported

2024-04-06 22:29

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 872 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
PID 872 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
PID 2872 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

Processes

C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

Network


Files

memory/872-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black cumshot sperm masturbation .mpeg.exe

MD5 29566948ee742078cb92f1cf0fd9257e
SHA1 b3aa3633744339a9a73d179c613802b17dd7f512
SHA256 d05696d962feeb0083b71b64d8e84bb50536ba57693d68d5de0cd5eccfb42dff
SHA512 c953ad1ff51e6d6f83671f0063ee117e7d1853b616508e8c73549d218c3bc8fbf963730ffad0a1d8f1365f8468ff60240094f6c05a4977c49d3859f34f56ee5b

memory/2872-57-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4456-160-0x0000000000400000-0x0000000000429000-memory.dmp

memory/3520-162-0x0000000000400000-0x0000000000429000-memory.dmp

C:\debug.txt

MD5 ce7829619cff0a564e8381aff64b253f
SHA1 9c79fd3bd2e7181b81ba9f5194e537735410fc1b
SHA256 a40388b90ea274b0f0a2a613733817ca54016aac344d68591eaf17fee78ae82b
SHA512 3902e2a300e94e62e9c408f57dfef0bdc2deee9e7c0dc1131d744eb7000cfbb2d3d32c178b8f1ab0936c469de1effc69050744b7df4804122c2f202221a64f49

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 22:26

Reported

2024-04-06 22:28

Platform

win7-20240215-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\animal [bangbus] sm (Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese beastiality cum [bangbus] bondage (Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\canadian kicking masturbation hole penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian trambling [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gang bang several models (Liz,Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\german bukkake action voyeur femdom (Sylvia,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\indian porn licking ash upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\hardcore voyeur legs blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian xxx beastiality full movie nipples .zip.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish trambling porn voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\SoftwareDistribution\Download\black sperm catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\horse beast girls .avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\tyrkish xxx handjob public vagina .mpg.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\brasilian blowjob animal [bangbus] shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\cum lesbian leather .avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia handjob horse [free] sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cumshot horse masturbation legs traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse catfight hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\danish animal [bangbus] cock .avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\danish sperm blowjob hot (!) (Britney,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\chinese blowjob cumshot voyeur feet .zip.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\tyrkish porn [bangbus] (Kathrin).zip.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\indian gang bang porn several models legs gorgeoushorny (Sandy,Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\japanese gay bukkake voyeur gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\japanese blowjob [bangbus] traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
PID 2460 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

Processes

C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe

"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"

Network

Country Destination Domain Proto

Files

memory/2108-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\animal action uncut bedroom .mpeg.exe

MD5 db44cfbdf7ba005614aa977f4ab1c6a3
SHA1 060fc9b046f0960b1d9b0e5704d2771e44628c5e
SHA256 f7bf17aa7db74e225fee2d62ca9cbc11ebaf23904927f0a7a927695b74c7cd34
SHA512 c7c1c1720306326e619524742c3630cc5635329dba33ffe0dbd17ff7a526ea1d6fe16d72ae2d55405ef46b224bc2a6535c5a558eb0b0eb3ed216dab519242fbd

memory/2108-62-0x0000000005DD0000-0x0000000005DF9000-memory.dmp

memory/2460-63-0x0000000000400000-0x0000000000429000-memory.dmp