Malware Analysis Report

2024-11-30 02:37

Sample ID 240407-wnlfcsae5s
Target 00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651
SHA256 00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651

Threat Level: Known bad

The file 00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 18:04

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 18:04

Reported

2024-04-07 18:06

Platform

win7-20240221-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A (5 identical entries)

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A (7 identical entries)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (7 identical entries)

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
Target: N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking gang bang big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\IME\shared\handjob big circumcision (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking beastiality licking castration .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\canadian horse voyeur 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\nude licking .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\System32\DriverStore\Temp\norwegian xxx beast public bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\fucking several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\brasilian beastiality girls beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\danish cumshot sperm [bangbus] cock (Melissa,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\IME\shared\porn masturbation beautyfull (Sarah,Ashley).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Update\Download\french horse blowjob girls girly (Gina,Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\blowjob big ash .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\horse beast big .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cumshot horse masturbation legs young (Sarah,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\hardcore horse hot (!) titts circumcision (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\DVD Maker\Shared\gang bang handjob hidden feet shower .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\asian sperm action masturbation granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\blowjob kicking hidden feet traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse handjob hidden hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Windows Journal\Templates\spanish cum catfight nipples YEâPSè& (Britney,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\tyrkish cumshot [free] penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\gay lingerie [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\italian blowjob hot (!) hole lady .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Google\Temp\russian beastiality hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\spanish fetish handjob girls cock beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\horse masturbation titts upskirt (Sandy,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\tyrkish nude hidden mature .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\canadian animal fetish sleeping circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\assembly\tmp\brasilian hardcore fetish big legs (Jade,Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\action horse hot (!) ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\danish lingerie gay girls legs .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\animal full movie vagina .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\indian sperm [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\horse nude [milf] castration .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\beastiality hardcore hot (!) bedroom (Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\italian handjob gay lesbian bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\brasilian animal [milf] lady .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\security\templates\xxx fetish several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\action lesbian (Sandy,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\malaysia nude cum [milf] (Sylvia,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\swedish sperm lingerie uncut redhair (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\french hardcore porn hot (!) hole .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\tyrkish beastiality voyeur ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\japanese cum [milf] sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\american beast masturbation ìï .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\british gang bang porn big vagina (Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\asian trambling action voyeur beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\german cum trambling catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\animal gang bang voyeur bedroom (Jade,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\horse masturbation sweet (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\norwegian horse hardcore full movie swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\chinese fetish uncut sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\french bukkake girls black hairunshaved (Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian bukkake horse catfight bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\animal licking (Sylvia,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian nude [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\animal trambling public high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\british xxx blowjob catfight titts YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SoftwareDistribution\Download\indian kicking voyeur wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\fucking sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\brasilian animal fetish several models .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\gay horse sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\french bukkake [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\brasilian nude masturbation pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\russian hardcore licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\spanish porn big castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\malaysia cumshot porn hidden (Ashley,Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\american horse handjob big titts (Sonja,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\japanese cum catfight shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\beastiality lingerie uncut YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\nude lesbian titts lady .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\beast sleeping nipples (Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\african animal gang bang uncut shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\assembly\temp\brasilian beast lesbian masturbation cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lesbian [bangbus] swallow (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\canadian horse catfight ash Ôë (Sarah,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\asian xxx action masturbation leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\bukkake handjob big boobs .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\trambling [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\malaysia beast beastiality sleeping blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\chinese horse masturbation cock mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\malaysia cum kicking big .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\blowjob sperm [free] 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\PLA\Templates\beastiality [milf] (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\danish lesbian [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\sperm gang bang several models (Sandy,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\hardcore cum girls glans .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\kicking licking ash (Tatjana,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A (48 identical entries)
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2940 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 2940 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 2940 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 2940 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 2744 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 2744 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 2744 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 2744 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

Processes

C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 107.127.117.248.in-addr.arpa udp
US 8.8.8.8:53 42.205.227.247.in-addr.arpa udp
US 8.8.8.8:53 63.164.172.27.in-addr.arpa udp
US 8.8.8.8:53 181.217.26.243.in-addr.arpa udp
US 8.8.8.8:53 146.85.19.221.in-addr.arpa udp
US 8.8.8.8:53 137.222.39.86.in-addr.arpa udp
US 8.8.8.8:53 119.252.233.107.in-addr.arpa udp
US 8.8.8.8:53 209.119.53.225.in-addr.arpa udp
US 8.8.8.8:53 173.20.162.99.in-addr.arpa udp
US 8.8.8.8:53 140.123.210.175.in-addr.arpa udp
US 8.8.8.8:53 36.223.215.7.in-addr.arpa udp
US 8.8.8.8:53 191.233.133.141.in-addr.arpa udp
US 8.8.8.8:53 21.121.163.159.in-addr.arpa udp
US 8.8.8.8:53 216.7.216.173.in-addr.arpa udp
US 8.8.8.8:53 31.47.119.56.in-addr.arpa udp
US 8.8.8.8:53 199.83.168.200.in-addr.arpa udp
US 8.8.8.8:53 118.205.181.185.in-addr.arpa udp
US 8.8.8.8:53 63.114.169.112.in-addr.arpa udp
US 8.8.8.8:53 10.162.155.98.in-addr.arpa udp
US 8.8.8.8:53 86.218.160.92.in-addr.arpa udp
US 8.8.8.8:53 192.229.213.198.in-addr.arpa udp
US 8.8.8.8:53 230.203.192.14.in-addr.arpa udp
US 8.8.8.8:53 156.211.109.225.in-addr.arpa udp
US 8.8.8.8:53 10.180.207.159.in-addr.arpa udp
US 8.8.8.8:53 254.206.67.55.in-addr.arpa udp
US 8.8.8.8:53 216.48.114.233.in-addr.arpa udp
US 8.8.8.8:53 157.79.162.104.in-addr.arpa udp

Files

memory/2940-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\asian sperm action masturbation granny .mpeg.exe

MD5 b19890adb7d3572a0ff7ebfaa5d99a45
SHA1 5959eb12aaed457da0444b4e9b53ca4260131dbd
SHA256 74b03d1c0c6c1725a6e0f3ffa667fb059b1b97088b0ac6a445fe623d3db6390e
SHA512 39ef04964230ca2e736f6772a869c3081485d8f384f9a7091cb05ebdb47d947c5fb88c605963344ef3755d4138807fe1c3008154fb2360ffd45bcce419c6af70

memory/2940-63-0x0000000004920000-0x000000000493F000-memory.dmp

memory/2744-64-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2744-85-0x0000000004A90000-0x0000000004AAF000-memory.dmp

memory/2992-86-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2940-103-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2940-105-0x0000000004920000-0x000000000493F000-memory.dmp

memory/2744-106-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2744-107-0x0000000004A90000-0x0000000004AAF000-memory.dmp

memory/2992-108-0x0000000000400000-0x000000000041F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 18:04

Reported

2024-04-07 18:06

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\hardcore lingerie uncut bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\System32\DriverStore\Temp\british fucking beast hidden cock .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\chinese hardcore nude licking bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\german animal cum catfight sm (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\german fetish lesbian cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\african cumshot cum public legs hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie xxx [free] gorgeoushorny (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\lesbian [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\blowjob public granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\handjob [free] cock pregnant (Britney,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\gang bang porn lesbian 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fetish bukkake several models mature .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian fetish uncut bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\dotnet\shared\british lesbian gay [free] hole upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\canadian kicking girls feet .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Google\Temp\russian porn action [bangbus] shower (Sonja,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\japanese handjob masturbation YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lesbian lesbian cock fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5927.tmp\russian cum handjob public cock .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese gang bang voyeur (Sarah,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american horse public black hairunshaved (Sonja,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\handjob lingerie lesbian ash (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\french blowjob hardcore full movie gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\lesbian lesbian several models ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\porn blowjob girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\handjob gay masturbation titts balls (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\handjob catfight boobs (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Common Files\microsoft shared\norwegian fucking blowjob voyeur vagina penetration (Kathrin,Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx fetish lesbian (Christine,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian gay full movie nipples .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian nude cum masturbation traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\porn sleeping legs (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\swedish bukkake full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\beast masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\norwegian porn bukkake hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\beast voyeur bondage (Christine,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese sperm sleeping YEâPSè& (Jenna,Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\xxx gay masturbation boobs traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\swedish beast lingerie girls legs shoes (Curtney,Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\black porn xxx several models Ôï .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\norwegian beast nude hidden ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\african gay animal licking legs penetration (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\animal fucking catfight glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\japanese beastiality lingerie voyeur nipples femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\lesbian horse several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\sperm porn girls .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\german bukkake public castration (Ashley,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\japanese hardcore lesbian licking balls (Sonja,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\german lingerie fucking masturbation \Û (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\malaysia handjob handjob sleeping boobs 40+ (Sonja,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\trambling [milf] feet .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\hardcore catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\beast beast licking boobs sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\malaysia fucking lesbian titts balls (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\xxx [bangbus] cock (Sylvia,Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\japanese porn big ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\italian animal voyeur redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\russian bukkake uncut vagina (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\italian bukkake several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\kicking hot (!) swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\italian handjob blowjob [bangbus] .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\animal beastiality full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\brasilian handjob beast [free] hole granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\russian fetish handjob voyeur penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\blowjob cumshot [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\swedish hardcore uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\french kicking hidden fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\tyrkish hardcore fucking licking 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\canadian beast lesbian 40+ (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\swedish porn voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\spanish cum cum [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\action catfight shower (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\japanese cumshot trambling girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\chinese sperm animal several models legs 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\british sperm fucking uncut sweet (Samantha,Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\malaysia trambling licking titts .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\horse lingerie licking boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\danish beastiality public nipples beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\hardcore [milf] (Jenna,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\danish cumshot full movie sweet (Samantha,Kathrin).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\japanese lesbian public .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\british blowjob catfight (Samantha,Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SoftwareDistribution\Download\gay full movie high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\spanish lingerie [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\gang bang girls mistress (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\swedish beastiality [milf] stockings (Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\brasilian hardcore beastiality hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\swedish hardcore horse full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\xxx animal girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\italian animal sperm masturbation bedroom (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\brasilian blowjob [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\african trambling nude voyeur legs .mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\kicking [free] (Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\japanese horse nude public traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\american beast [bangbus] (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe N/A (identical row repeated 64 times in the original table: the signature fired 64 times, always from the sample's own process)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1648 wrote to memory of 3832 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 1648 wrote to memory of 3732 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe
PID 3832 wrote to memory of 3364 (3 writes) N/A C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

Writer and target are always the same image: the sample relaunches copies of itself, 1648 spawning 3832 and 3732 and 3832 spawning 3364, which matches the four process entries below. A parent writing a handful of times into a child it has just created is also what ordinary CreateProcess setup looks like, so this signature on its own does not establish code injection; the memory dumps in the Files section, which show the same 0x00400000-0x0041F000 image in all four PIDs, are the better evidence that every copy unpacks to the same payload.
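An added example, not part of this report or of the sandbox's own tooling: a Python parser that turns the "File created" rows above and the WriteProcessMemory rows into the two facts an analyst actually wants from them, the list of double-extension lure names dropped into system and shared directories, and the PID spawn chain. The inner-extension list and the benign setup.log row are assumptions constructed for the example; the other sample rows are copied from this report.

```python
import re
from collections import Counter, defaultdict

# Row shapes as they appear in this report (spaces separate the columns):
#   File created <dropped path> <creating process> <target>
#   PID <parent> wrote to memory of <child> <indicator> <process> <target>
# The dropped path itself contains spaces, so the first regex anchors on the
# creating-process column, which here is a drive-letter path without spaces.
FILE_CREATED_RE = re.compile(
    r"^File created (?P<path>.+?) (?P<proc>[A-Za-z]:\\\S+?\.exe) (?P<target>\S+)$"
)
WPM_RE = re.compile(r"^PID (?P<parent>\d+) wrote to memory of (?P<child>\d+)\b")

# Inner extensions that no genuine executable carries (assumed list).
# "clip.avi.exe" is a double-extension lure: Explorer hides the trailing
# ".exe" by default, so the victim sees what looks like a video or archive.
LURE_INNER_EXTS = {"avi", "mpg", "mpeg", "mp4", "wmv", "zip", "rar", "7z",
                   "pdf", "doc", "docx", "jpg", "png"}
DOUBLE_EXT_RE = re.compile(r"\.(?P<inner>[a-z0-9]{2,4})\.exe$", re.IGNORECASE)


def parse_file_created(lines):
    """Return (dropped_path, creating_process) for every 'File created' row."""
    rows = []
    for line in lines:
        m = FILE_CREATED_RE.match(line.strip())
        if m:
            rows.append((m.group("path"), m.group("proc")))
    return rows


def is_double_extension_lure(path):
    """True when the file name ends in <media or archive extension>.exe."""
    name = path.rsplit("\\", 1)[-1]
    m = DOUBLE_EXT_RE.search(name)
    return m is not None and m.group("inner").lower() in LURE_INNER_EXTS


def drop_locations(rows):
    """Count dropped files per top-level location, e.g. C:\\Windows\\WinSxS."""
    counts = Counter()
    for path, _ in rows:
        counts["\\".join(path.split("\\")[:3])] += 1
    return counts


def process_tree(lines):
    """{parent_pid: {child_pid: write_count}} from WriteProcessMemory rows."""
    tree = defaultdict(Counter)
    for line in lines:
        m = WPM_RE.match(line.strip())
        if m:
            tree[int(m.group("parent"))][int(m.group("child"))] += 1
    return {parent: dict(children) for parent, children in tree.items()}


def root_pids(tree):
    """PIDs that write into others but were never written into: the initial process."""
    written_into = {child for children in tree.values() for child in children}
    return sorted(pid for pid in tree if pid not in written_into)


SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe")

# Three 'File created' rows copied from this report, one constructed benign
# row, and the nine WriteProcessMemory rows from the table above.
SAMPLE_LINES = [
    rf"File created C:\Windows\SoftwareDistribution\Download\gay full movie high heels .rar.exe {SAMPLE_EXE} N/A",
    rf"File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\spanish lingerie [bangbus] .avi.exe {SAMPLE_EXE} N/A",
    rf"File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\kicking [free] (Anniston).mpg.exe {SAMPLE_EXE} N/A",
    rf"File created C:\Windows\Temp\setup.log {SAMPLE_EXE} N/A",  # constructed, not a lure
] + [
    f"PID {parent} wrote to memory of {child} N/A {SAMPLE_EXE} {SAMPLE_EXE}"
    for parent, child in [(1648, 3832)] * 3 + [(1648, 3732)] * 3 + [(3832, 3364)] * 3
]


def summarize(lines):
    """One dict an analyst can paste into notes: lures, drop locations, spawn chain."""
    rows = parse_file_created(lines)
    tree = process_tree(lines)
    return {
        "dropped": len(rows),
        "lures": [path for path, _ in rows if is_double_extension_lure(path)],
        "locations": drop_locations(rows),
        "tree": tree,
        "roots": root_pids(tree),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LINES).items():
        print(key, value)
```

Feed the whole report's Files and Signatures text through summarize and the locations counter gives the directories to sweep during cleanup, while the tree shows which PID to treat as the initial infection and which are respawned copies.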

Processes

C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe

"C:\Users\Admin\AppData\Local\Temp\00358836c019961f1a73e8f8ff705f298b2728936f58eba31e300e6f3a71f651.exe"

Network

Every entry below is a reverse (PTR) lookup sent to the sandbox resolver at 8.8.8.8:53. The report records no forward hostname resolution and no connection other than these DNS queries, so none of these names is a confirmed command-and-control indicator on its own; reverse each in-addr.arpa name to its IP address and check ownership before using it as an IOC.

Country Destination Domain Proto
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 17.143.109.104.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 73.185.195.135.in-addr.arpa udp
US 8.8.8.8:53 32.185.98.235.in-addr.arpa udp
US 8.8.8.8:53 78.204.111.35.in-addr.arpa udp
US 8.8.8.8:53 202.190.127.194.in-addr.arpa udp
US 8.8.8.8:53 219.247.50.62.in-addr.arpa udp
US 8.8.8.8:53 107.53.11.216.in-addr.arpa udp
US 8.8.8.8:53 233.81.31.124.in-addr.arpa udp
US 8.8.8.8:53 195.53.84.109.in-addr.arpa udp
US 8.8.8.8:53 195.159.64.136.in-addr.arpa udp
US 8.8.8.8:53 2.234.231.43.in-addr.arpa udp
US 8.8.8.8:53 160.133.238.239.in-addr.arpa udp
US 8.8.8.8:53 145.89.241.100.in-addr.arpa udp
US 8.8.8.8:53 119.65.235.51.in-addr.arpa udp
US 8.8.8.8:53 149.238.93.51.in-addr.arpa udp
US 8.8.8.8:53 79.128.14.248.in-addr.arpa udp
US 8.8.8.8:53 163.173.92.224.in-addr.arpa udp
US 8.8.8.8:53 160.96.224.228.in-addr.arpa udp
US 8.8.8.8:53 77.65.137.91.in-addr.arpa udp
US 8.8.8.8:53 245.110.160.242.in-addr.arpa udp
US 8.8.8.8:53 18.28.42.227.in-addr.arpa udp
US 8.8.8.8:53 181.117.4.92.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 17.124.14.82.in-addr.arpa udp
US 8.8.8.8:53 245.69.229.85.in-addr.arpa udp
US 8.8.8.8:53 120.91.7.225.in-addr.arpa udp
US 8.8.8.8:53 50.110.13.21.in-addr.arpa udp
US 8.8.8.8:53 152.149.24.105.in-addr.arpa udp
US 8.8.8.8:53 14.178.185.12.in-addr.arpa udp
US 8.8.8.8:53 226.120.194.43.in-addr.arpa udp
US 8.8.8.8:53 204.132.252.71.in-addr.arpa udp
US 8.8.8.8:53 52.89.79.210.in-addr.arpa udp
US 8.8.8.8:53 95.15.99.232.in-addr.arpa udp
US 8.8.8.8:53 38.151.6.8.in-addr.arpa udp
US 8.8.8.8:53 94.107.77.23.in-addr.arpa udp
US 8.8.8.8:53 52.7.10.151.in-addr.arpa udp
US 8.8.8.8:53 93.94.52.76.in-addr.arpa udp
US 8.8.8.8:53 228.77.29.54.in-addr.arpa udp
US 8.8.8.8:53 141.77.214.180.in-addr.arpa udp
US 8.8.8.8:53 89.243.41.13.in-addr.arpa udp
US 8.8.8.8:53 52.97.90.66.in-addr.arpa udp
US 8.8.8.8:53 165.249.28.137.in-addr.arpa udp
US 8.8.8.8:53 61.206.104.78.in-addr.arpa udp
US 8.8.8.8:53 127.33.174.193.in-addr.arpa udp
US 8.8.8.8:53 208.211.57.255.in-addr.arpa udp
US 8.8.8.8:53 108.170.215.164.in-addr.arpa udp
US 8.8.8.8:53 223.6.191.156.in-addr.arpa udp
US 8.8.8.8:53 135.3.107.177.in-addr.arpa udp
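An added example, not part of this report: turning the in-addr.arpa names above back into the IP addresses that were looked up (the octets are written least-significant first) and dropping non-global addresses before triage. The three report rows are copied from the table; the RFC 1918 row and the forward-lookup row are constructed to show how they are handled.

```python
import ipaddress

# "79.121.231.20.in-addr.arpa" is the reverse name for 20.231.121.79.
PTR_SUFFIX = ".in-addr.arpa"


def ptr_name_to_ip(name):
    """Return the IPv4 address a reverse-DNS name refers to, or None if malformed."""
    name = name.strip().rstrip(".").lower()
    if not name.endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        return None
    return ".".join(reversed(octets))


def reversed_addresses(rows):
    """Parse 'Country Destination Domain Proto' rows into unique, sorted IPs.

    Only rows whose Domain column is an in-addr.arpa name contribute; forward
    lookups and malformed rows are skipped rather than guessed at.
    """
    ips = set()
    for row in rows:
        parts = row.split()
        if len(parts) != 4:
            continue
        ip = ptr_name_to_ip(parts[2])
        if ip:
            ips.add(ip)
    return sorted(ips, key=ipaddress.IPv4Address)


def public_only(ips):
    """Drop private, loopback, link-local and reserved addresses before IOC triage."""
    return [ip for ip in ips if ipaddress.IPv4Address(ip).is_global]


# Three rows copied from the Network table above, plus one constructed
# RFC 1918 row (192.168.0.1) and one constructed forward lookup.
SAMPLE_NETWORK_ROWS = [
    "US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp",
    "US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp",
    "US 8.8.8.8:53 2.234.231.43.in-addr.arpa udp",
    "US 8.8.8.8:53 1.0.168.192.in-addr.arpa udp",   # constructed
    "US 8.8.8.8:53 example.invalid udp",            # constructed, skipped
]

if __name__ == "__main__":
    for ip in public_only(reversed_addresses(SAMPLE_NETWORK_ROWS)):
        print(ip)
```

The resulting list is what goes into a WHOIS or passive-DNS check; an address that belongs to a cloud provider or CDN reached by Windows itself during the run should not be promoted to an indicator without corroborating traffic.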

Files

memory/1648-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx fetish lesbian (Christine,Jade).avi.exe

MD5 043ccaccce951eadb7f5ec0fb4797d21
SHA1 ec0505b8994f3a4215d9307f947a7f8c74b46c99
SHA256 7d21468f5ca9a5c2ea50adf190df11b2f0c37fe78dafdf91ccddc628e559c91d
SHA512 4d75d528990cc8c445701fb2ae57193863284fe25f4e867240d6bf4219149e1dd692b2a3f322d4051ad895f3197d3273e768a65f72e0a993856231097fc06ff3

memory/3832-12-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3364-19-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1648-189-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3832-191-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3732-194-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3364-195-0x0000000000400000-0x000000000041F000-memory.dmp