Malware Analysis Report

2024-11-15 06:11

Sample ID 240407-3rdy1sac85
Target 9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c
SHA256 9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c
Tags
persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c

Threat Level: Known bad

The file 9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:44

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:44

Reported

2024-04-07 23:47

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\LogFiles\Fax\Incoming\japanese hardcore lesbian vagina YEâPSè& (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gang bang handjob sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm licking ash .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese lesbian hot (!) ash redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\blowjob animal hidden glans .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay public circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\System32\DriverStore\Temp\tyrkish porn big .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\IME\shared\chinese hardcore gang bang hot (!) shower .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\handjob voyeur hole leather (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\IME\shared\beastiality blowjob several models black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\microsoft shared\lesbian sleeping traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\indian gay action [free] vagina shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\italian gang bang horse [milf] titts girly .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\hardcore lesbian hidden castration (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\DVD Maker\Shared\canadian lesbian beast hot (!) nipples pregnant (Sonja,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\chinese horse gang bang girls (Melissa,Jenna).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lesbian uncut vagina mature .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Windows Journal\Templates\black sperm sleeping legs .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake nude [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\malaysia xxx action masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german handjob sleeping (Janette,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\fetish handjob full movie hole .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\spanish cumshot nude [bangbus] feet .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\kicking licking circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Google\Temp\gay bukkake licking young .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\black sperm public hole upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\malaysia cum hardcore several models cock stockings (Samantha,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\african horse public hole .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\InstallTemp\kicking sperm [bangbus] titts castration .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\spanish action [bangbus] latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\porn sleeping high heels (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\animal lingerie [free] (Christine,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\brasilian horse fetish [free] cock redhair (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\russian blowjob cum public .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\beastiality gay voyeur boobs shower .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\brasilian blowjob girls feet YEâPSè& (Jenna,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\xxx [bangbus] pregnant (Liz,Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\handjob gang bang [bangbus] ash .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SoftwareDistribution\Download\tyrkish kicking gay sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\chinese gang bang big 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\handjob horse licking hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\sperm hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\Temp\tyrkish fetish handjob [free] (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\beastiality bukkake [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\black gang bang horse masturbation gorgeoushorny (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\french sperm beast [milf] feet 40+ (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\black action horse uncut vagina .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\bukkake lesbian hot (!) mature .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\danish xxx [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\indian beast several models nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\swedish handjob [bangbus] 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\cumshot horse lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\american fetish trambling [free] titts bondage (Anniston,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\gay blowjob voyeur ìï .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\japanese kicking [bangbus] hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\russian cumshot masturbation young .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\japanese blowjob hidden circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian lesbian sleeping nipples 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\beast hidden hairy (Sandy,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\kicking gang bang [milf] (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\swedish nude horse big (Tatjana,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\african lingerie licking vagina 40+ (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\italian lingerie trambling [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\russian trambling kicking lesbian ash .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\malaysia trambling cum [bangbus] circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\canadian gang bang gay several models 40+ (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black trambling bukkake public (Janette,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\japanese beastiality cumshot masturbation lady .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\british lesbian hardcore licking ash ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\british lingerie licking stockings (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\cum sperm [bangbus] .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\trambling lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\british sperm public vagina black hairunshaved (Tatjana,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\brasilian fetish girls .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\german porn public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\fucking public titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\chinese action fucking licking (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\animal full movie boots (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\indian sperm hardcore public shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\security\templates\chinese action catfight ash penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish blowjob xxx catfight glans (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\asian sperm horse [milf] (Sonja,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\brasilian hardcore [free] YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\gay hot (!) gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fetish girls boobs hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\handjob horse lesbian balls .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\tyrkish action hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
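The Run key row, the drive-enumeration rows and the three file-drop tables above are all flattened rows of the form Description Indicator Process Target. The script below is an added example, not part of the sandbox output or of this report: it parses those rows, rewrites the NT registry path into the usual HKLM form, recovers the drive letters the sample probed, lists the dropped files, flags the "<name> .<media or archive extension>.exe" decoy naming used in the drop tables, and ties the mssrv32 Run value back to the dropped C:\Windows\mssrv.exe. It assumes the Process column never contains a space (true for the Temp path used throughout this report); the extension list in DECOY is taken from the names in the tables above; and every embedded sample row except the two mssrv rows is constructed with neutral file names.

```python
"""Triage helper for the flattened signature rows in this report (added
example, not part of the sandbox output).  Each row has the shape

    <Description> <Indicator> <Process> <Target>

where Description is one of the three row kinds seen above and Process is
the originating executable.  The parser assumes the Process path contains no
spaces, which holds for the C:\\Users\\Admin\\AppData\\Local\\Temp\\<sha256>.exe
path used throughout this report.
"""
import re
from collections import Counter

# Originating process exactly as it appears in the report's Process column.
PROC = (r"C:\Users\Admin\AppData\Local\Temp"
        r"\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe")

# Constructed sample: the Run-key row and the C:\Windows\mssrv.exe drop are
# copied from the report; the other rows keep the report's row shapes but use
# made-up, neutral file names with the same "<words> .<media ext>.exe" pattern.
INDICATORS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows'
    r'\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"',
    r"File opened (read-only) \??\S:",
    r"File opened (read-only) \??\E:",
    r"File created C:\Windows\mssrv.exe",
    r"File created C:\Windows\SysWOW64\FxsTmp\holiday video (Sandy).zip.exe",
    r"File created C:\Program Files (x86)\Google\Temp\family trip .avi.exe",
    r"File created C:\Windows\winsxs\Temp\beach party (Curtney).mpg.exe",
]
SAMPLE = "\n".join(f"{ind} {PROC} N/A" for ind in INDICATORS)

# One row: description, free-form indicator, space-free process path, target.
ROW = re.compile(
    r"^(?P<desc>Set value \(str\)|File opened \(read-only\)|File created) "
    r"(?P<indicator>.+) (?P<process>\S+\.exe) (?P<target>\S+)$")
# NT registry path + value name + quoted data, as in the Run-key row above.
REG_VALUE = re.compile(r'^(?P<key>\\REGISTRY\\\S+)\\(?P<name>[^\\ ]+) = "(?P<data>.*)"$')
# Drive probe as logged by the sandbox: \??\X:
DRIVE = re.compile(r"^\\\?\?\\([A-Z]):$")
# Decoy naming seen in the drop tables: media/archive extension followed by .exe
DECOY = re.compile(r"\.(avi|mpe?g|zip|rar)\.exe$", re.IGNORECASE)
# NT object-manager hive prefixes and their usual abbreviations.
HIVES = {r"\REGISTRY\MACHINE": "HKLM", r"\REGISTRY\USER": "HKU"}


def parse_rows(text):
    """Return one dict per parseable row; blank or unrecognised lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def to_win_key(nt_key):
    """Rewrite \\REGISTRY\\MACHINE\\... as HKLM\\... (and \\REGISTRY\\USER as HKU)."""
    for prefix, hive in HIVES.items():
        if nt_key.upper().startswith(prefix.upper()):
            return hive + nt_key[len(prefix):]
    return nt_key


def triage(text):
    """Pull persistence, drive-probe and file-drop IOCs out of the rows and
    correlate them: a Run value whose data names a dropped file is the
    persisted payload."""
    run_keys, drives, dropped, decoys = [], set(), [], []
    for r in parse_rows(text):
        if r["desc"] == "Set value (str)":
            m = REG_VALUE.match(r["indicator"])
            if m:
                run_keys.append({"key": to_win_key(m["key"]), "name": m["name"],
                                 # the report escapes backslashes in string data
                                 "data": m["data"].replace("\\\\", "\\")})
        elif r["desc"] == "File opened (read-only)":
            m = DRIVE.match(r["indicator"])
            if m:
                drives.add(m.group(1))
        elif r["desc"] == "File created":
            dropped.append(r["indicator"])
            if DECOY.search(r["indicator"]):
                decoys.append(r["indicator"])
    dropped_lower = {p.lower() for p in dropped}
    payloads = [k["data"] for k in run_keys if k["data"].lower() in dropped_lower]
    # Top-level directory each drop landed in, e.g. C:\Windows
    by_root = Counter("\\".join(p.split("\\")[:2]) for p in dropped)
    return {"run_keys": run_keys, "drives": sorted(drives), "dropped": dropped,
            "decoys": decoys, "persisted_payloads": payloads,
            "dropped_by_root": dict(by_root)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Pasting the full tables above in place of SAMPLE yields the complete drop list and per-directory counts; rows from other signature types (the N/A-only tables, for instance) do not match ROW and are skipped rather than mis-parsed. The persisted_payloads correlation is the useful bit for a responder: it confirms that the Run value does not point at a pre-existing binary but at a file the sample itself wrote into C:\Windows.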

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2552 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2552 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2552 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2552 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2388 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2388 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2388 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2388 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2552 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Windows\SysWOW64\WerFault.exe
PID 2552 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Windows\SysWOW64\WerFault.exe
PID 2552 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Windows\SysWOW64\WerFault.exe
PID 2552 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Windows\SysWOW64\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 600

Network

N/A

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\chinese horse gang bang girls (Melissa,Jenna).avi.exe

MD5 70744fe97e63c94d8a75a27fdcb1456b
SHA1 ec274d9a2707e1bcdf7f8cb978fd8946c3bd890a
SHA256 591b08af06e66b38f393a89ce2de1484a95ad3cd8c32ed73a62808fea4c4b2f4
SHA512 70c3e96872e381e3b1802637e542b502f1b59a25b0492fdf860835cfa70398c2cb7ea4c4f8eea8e621f79ef888638d424908858f90345c797564e8fe99bd7165

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:44

Reported

2024-04-07 23:47

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\brasilian animal gay girls YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\british hardcore uncut penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\american action xxx big hole ash .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\bukkake sleeping sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\brasilian nude hardcore [milf] feet (Sonja,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian animal fucking voyeur hairy (Jenna,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\System32\DriverStore\Temp\horse hot (!) titts girly (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\indian cumshot beast full movie swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx big .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish handjob sperm licking penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian gang bang sperm hidden (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore big (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\brasilian cumshot bukkake girls cock YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\lingerie full movie feet redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian lingerie [bangbus] young .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\gay public hole (Sonja,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\lesbian uncut gorgeoushorny (Britney,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob big feet bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob hot (!) hole (Gina,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish beastiality horse masturbation stockings (Britney,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american handjob fucking uncut beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\blowjob [milf] (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\black cumshot horse public latex .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fucking sleeping feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\brasilian gang bang xxx hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\dotnet\shared\malaysia hardcore sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\american gang bang hardcore big cock .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Google\Temp\japanese action blowjob public feet .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\lingerie [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian horse fucking full movie ash (Anniston,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\danish nude fucking catfight cock shower .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\fucking masturbation (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\italian fetish blowjob [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\nude lesbian hidden hole wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\SoftwareDistribution\Download\danish fetish lesbian [bangbus] hole pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\asian trambling licking ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\brasilian cumshot bukkake public cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\russian animal fucking public ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\hardcore [milf] feet hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\british horse hot (!) (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\fetish blowjob big (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\cumshot beast public glans .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\german blowjob catfight hole hotel (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\lingerie uncut pregnant (Sandy,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\InputMethod\SHARED\bukkake sleeping sm (Sonja,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black gang bang beast public .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse several models hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\african beast [milf] black hairunshaved (Britney,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\malaysia xxx lesbian glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\canadian lingerie catfight glans shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\InstallTemp\lesbian licking titts penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese action fucking big beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\lingerie licking .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\norwegian fucking catfight redhair (Jenna,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\chinese fucking voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\fucking girls cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\german hardcore voyeur glans hairy (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\nude gay masturbation femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\spanish lingerie hidden stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\handjob horse full movie glans gorgeoushorny (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\beastiality lingerie sleeping .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\trambling sleeping (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\asian fucking [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\tyrkish horse horse masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\PLA\Templates\danish nude beast full movie YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\horse bukkake big titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\handjob gay sleeping (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\swedish beastiality horse hidden hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\japanese nude gay voyeur ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\danish kicking blowjob girls hole (Ashley,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\german beast girls titts black hairunshaved (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\danish gang bang trambling catfight hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\black nude sperm sleeping beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\malaysia xxx lesbian hole beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\beastiality sperm sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\lingerie lesbian feet bondage (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\brasilian action trambling uncut hole hairy (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\handjob blowjob voyeur glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\french lesbian [bangbus] swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\russian horse beast [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\russian action xxx girls feet .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\american cumshot gay hot (!) hole pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\swedish animal lingerie voyeur glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\canadian hardcore girls hairy (Britney,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\beast sleeping shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\indian fetish sperm lesbian glans blondie (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\bukkake big redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\african hardcore masturbation cock penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\french horse uncut cock (Ashley,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish fetish lingerie public titts upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\malaysia bukkake uncut hole .avi.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\cumshot trambling [free] hole (Christine,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\norwegian horse hot (!) titts .rar.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2008 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2008 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2008 wrote to memory of 2348 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2008 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2008 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2008 wrote to memory of 1456 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2348 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2348 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
PID 2348 wrote to memory of 3652 N/A C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe

"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2008 -ip 2008

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 1192

Network

Country Destination Domain Proto
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp

Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\blowjob [milf] (Karin).avi.exe

MD5 d718057c0b53f398b56fe0c7aa81e365
SHA1 c3a5ef31f69f91ccd700779d781e9a5177570a50
SHA256 5d1ce9ae0b2727ce91008d24a98ad3e2642998f316e24792cda52767ac21b989
SHA512 c7e68d2ec8d345faedd85c40f3e4d97dc5ff75d77d23fbdd6c56553a707bbd04b68ded5f2ed7d9ee4ff4679fadbee6424bfa63d0deb2b3f5f6ba2285dacaf0a6