Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-21nn5shc96
Target 883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1
SHA256 883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1
Tags: upx, persistence, spyware, stealer
Score: 10/10

Analysis Overview

score
10/10

SHA256

883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1

Threat Level: Known bad

The file 883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:03

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:03

Reported

2024-04-07 23:05

Platform

win7-20240221-en

Max time kernel

154s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"

Signatures

UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2976 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe
PID 2640 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe

"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"

C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe

"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"

C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe

"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"

Network

Country Destination Domain Proto

Files

memory/2976-0-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2976-3-0x0000000004750000-0x0000000004779000-memory.dmp

memory/2640-4-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish porn trambling licking (Melissa).mpg.exe

MD5 c93cf4afaa3329e7cda4765538d2c5fa
SHA1 53e7f106131b348e54e9544438e71be824ef1b51
SHA256 c78b5d8ea1561bf1b5c313e34284e7b4dcfcb61e6251d719b1c93f60ad74f3ef
SHA512 4ba5f468be6212f059a6866ceb49a379b4e9d36cbd6c261ad89511b390de41a40aadd346483ef4ecc33b844178edea7703e1a746e4e262dfc4a620bb203e1ed9

memory/2640-30-0x0000000004920000-0x0000000004949000-memory.dmp

memory/2612-35-0x0000000000400000-0x0000000000429000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:03

Reported

2024-04-07 23:05

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\japanese fetish hardcore public cock femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\malaysia horse [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american beastiality bukkake big swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\american animal lesbian [bangbus] hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian cum trambling voyeur mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish animal beast uncut 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\fucking hidden hole pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\danish beastiality hardcore girls ¼ë .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\swedish cum beast uncut cock femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm licking feet shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\japanese animal gay sleeping titts pregnant (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Shared Gadgets\sperm sleeping wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish kicking gay [bangbus] glans balls .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\horse licking (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lesbian sleeping feet (Gina,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\fucking several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\Common Files\microsoft shared\hardcore full movie feet high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian horse gay several models hole bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\lingerie licking bondage (Kathrin,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\dotnet\shared\japanese porn fucking hidden 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\beast catfight 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lesbian uncut 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files (x86)\Google\Temp\gay big shoes (Kathrin,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\lingerie sleeping (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian handjob horse full movie latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\brasilian fetish beast [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling sleeping granny .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\hardcore public feet (Kathrin,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\norwegian trambling licking feet .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\gay [milf] glans black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african xxx hidden femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\hardcore [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\american horse lingerie [milf] stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\fucking big .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\italian porn lesbian [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\spanish fucking [bangbus] glans .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\asian hardcore [milf] 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\brasilian handjob beast public (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\french lesbian voyeur YEâPSè& (Sonja,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\chinese lingerie hot (!) YEâPSè& (Sonja,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\bukkake uncut hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\indian horse lingerie [free] titts (Sonja,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\beastiality gay masturbation (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\brasilian gang bang fucking lesbian bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\lesbian hidden latex (Kathrin,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\cumshot beast [bangbus] cock .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\canadian lingerie [free] feet .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\gay sleeping granny .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\swedish horse fucking masturbation glans .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\porn fucking [free] hole .avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\black kicking fucking several models shower .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\swedish nude trambling hot (!) circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\german fucking hot (!) (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\asian bukkake licking young .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\lingerie [free] feet stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\blowjob [bangbus] titts latex .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\norwegian gay catfight stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\handjob blowjob hidden titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\spanish hardcore public (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\tyrkish animal beast full movie glans wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\horse [free] (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\horse lesbian girls cock wifey (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\asian hardcore uncut circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\norwegian gay several models glans sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1336 wrote to memory of 460 N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe
PID 460 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe

"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"

C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe

"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"

C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe

"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"

Network

Country Destination Domain Proto

Files

memory/1336-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian handjob horse full movie latex .mpeg.exe

MD5 d1e12c6134952efb5cb0382cc0cde7a6
SHA1 009ce6d4b49f6efc3137179bff10c7db9970db49
SHA256 6befc9b157f101a07f6d655418b373d38b2970337c880ff2d0229334eccbb28f
SHA512 13f5c4e086361784b41e2e301aba85007da824a19aeec7764751aa20c95e4b65b4ab526bb1f87ea1add966719af9a992941217653b77d3e96022679c67c95c1e

memory/460-53-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2252-165-0x0000000000400000-0x0000000000429000-memory.dmp