Malware Analysis Report

2024-11-30 02:48

Sample ID 240407-wwac3aag3x
Target 055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00
SHA256 055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
10/10

SHA256

055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00

Threat Level: Known bad

The file 055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

Checks computer location settings

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 18:15

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
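The static signatures above say the sample is UPX-packed and that the sandbox dumped the image once execution reached the original entry point, but they record no indicator. The following is an added example, not the sandbox vendor's signature logic: it walks the PE headers (DOS header, e_lfanew, COFF header, section table) and reports whether the stock UPX section names are present. build_minimal_pe() is a constructed header-only PE used to exercise the parser; it is not derived from this sample.

```python
"""Check a PE file for UPX's default section names (UPX0/UPX1/UPX2).

Added example, not the sandbox's own "UPX packed file" signature.
"""
import struct

E_LFANEW_OFF = 0x3C           # offset of e_lfanew inside the DOS header
COFF_FMT = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp,
                              # PointerToSymbolTable, NumberOfSymbols,
                              # SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
SECTION_SIZE = struct.calcsize(SECTION_FMT)


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image; ValueError if it is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFF)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    # the section table follows the optional header, whose size is in the COFF header
    table = coff_off + struct.calcsize(COFF_FMT) + opt_size
    names = []
    for i in range(nsections):
        raw = struct.unpack_from(SECTION_FMT, data, table + i * SECTION_SIZE)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Weak indicator only: UPX's section names are trivial to rename after packing,
    so a hit means "unpack it and look", and a miss is not evidence of anything."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def build_minimal_pe(section_names) -> bytes:
    """Constructed header-only PE32 (no code) for testing the parser; not a real sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (E_LFANEW_OFF - 2) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)   # PE32 magic, rest zeroed
    coff = struct.pack(COFF_FMT, 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(
        struct.pack(SECTION_FMT, n.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names))
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(blob), "upx-named:", looks_upx_packed(blob))
```

Run it against the sample file itself with the path as the first argument. For the real triage step, `upx -l` and `upx -d` (the UPX tool's list and decompress commands) handle an unmodified UPX layer; when the packer has been tampered with, a dump taken at the OEP, as the sandbox did here, is the more reliable route to the unpacked code.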

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 18:15

Reported

2024-04-07 18:18

Platform

win7-20240221-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (8 identical rows in the original table)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\fucking [free] hole shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\IME\shared\brasilian action lingerie licking boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gay [bangbus] (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\brasilian cumshot beast several models cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\IME\shared\trambling masturbation glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian horse blowjob uncut feet (Sandy,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm catfight glans latex (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\horse fucking sleeping .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\lesbian [bangbus] glans .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast lesbian feet circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish horse blowjob full movie girly (Jenna,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore lesbian high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Windows Journal\Templates\lingerie big blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\xxx girls titts .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\hardcore big (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\american handjob fucking full movie penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\swedish fetish fucking girls balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\fucking hidden fishy (Sandy,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\tyrkish nude lesbian [bangbus] traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\american animal gay full movie feet .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\swedish kicking beast [free] hole 50+ (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black action hardcore masturbation stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\DVD Maker\Shared\italian gang bang beast uncut young (Britney,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\beast big bondage (Anniston,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Google\Temp\russian fetish horse [bangbus] .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\sperm hot (!) feet black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\canadian gay licking (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\malaysia horse several models titts bedroom .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\blowjob masturbation YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\swedish kicking fucking [bangbus] hole swallow (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\lingerie hidden mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\german sperm catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\indian fetish beast hot (!) balls .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\fetish fucking masturbation hairy (Sonja,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\indian cumshot gay voyeur blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\kicking xxx public (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\cumshot blowjob girls mistress (Kathrin,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\porn blowjob catfight (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\animal bukkake hidden swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\malaysia blowjob licking sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\cumshot trambling [free] hole bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\spanish horse full movie feet bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\asian trambling voyeur castration (Sonja,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\nude blowjob [free] titts ash (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake big titts castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\italian horse trambling big ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\fucking big feet sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\japanese fetish horse [milf] cock shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\lesbian full movie (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\fucking licking balls (Christine,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian cum horse masturbation (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\bukkake hot (!) titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\horse bukkake [bangbus] redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\sperm [free] titts lady .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\lesbian full movie mistress (Jenna,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\spanish lingerie catfight balls .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\xxx licking granny (Sandy,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\german gay sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\tyrkish action horse girls feet leather (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\malaysia trambling big (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\fetish lesbian masturbation (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\american gang bang xxx masturbation hole pregnant (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\InstallTemp\cum blowjob several models .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\japanese porn trambling full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SoftwareDistribution\Download\indian animal gay hot (!) feet girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\brasilian nude beast public titts .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\black action horse catfight feet beautyfull (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\fetish horse public balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\sperm girls ash .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\security\templates\lesbian big hotel (Kathrin,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\trambling several models lady .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\russian nude sperm sleeping (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\tmp\lingerie masturbation titts leather .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\african hardcore public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\porn hardcore girls glans sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\horse horse uncut wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish action trambling licking mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\sperm uncut feet shoes (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\british fucking big cock boots .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\animal gay masturbation (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\cumshot hardcore licking cock .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore licking cock .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\temp\blowjob big titts sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese kicking fucking [bangbus] cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\handjob xxx full movie titts hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\hardcore catfight bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
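Three things in the tables above are worth turning into host-hunting indicators: the Run value mssrv32 pointing at C:\Windows\mssrv.exe (written under Wow6432Node, which means a 32-bit process had its HKLM write redirected by WoW64 on the 64-bit Win7 image; both that write and the drop into C:\Windows need administrative rights, which the sandbox's Admin account had, so on a standard-user host this persistence would fail), the sweep of every drive letter except C:, D: and F: (removable/network drive discovery), and the dozens of executables named like media or archive files (.mpg.exe, .avi.exe, .rar.exe, .zip.exe) dropped into template, shared and temp folders. The following is an added example, not the sandbox's own tooling: a parser for the rows exactly as this report prints them that extracts those three indicator classes. The rows embedded in it are copied from the tables above (the drive rows are regenerated from the letters the table lists); the drive_sweep threshold is an assumption.

```python
"""Pull hunting IOCs out of the behavioral1 indicator rows printed above.

Added example (not the sandbox vendor's code). Rows keep the report's
"<Description> <Indicator> <Process> <Target>" layout; the sample's own path
(from the Command Line section) is the Process column on every row.
"""
import re
from dataclasses import dataclass, field

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe")

# Lure naming of the dropped files: media/archive "extension", then the real .exe.
LURE_RE = re.compile(r"\.(mpg|mpeg|avi|rar|zip)\.exe$", re.IGNORECASE)
# Value name under any ...\CurrentVersion\Run key (HKLM/HKCU, native or Wow6432Node).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\([^\\]+)$", re.IGNORECASE)
# Drive-letter open as the report prints it: \??\H:
DRIVE_RE = re.compile(r"^\\\?\?\\([A-Za-z]):$")

ROW_KINDS = (("registry", "Set value (str) "),
             ("drive", "File opened (read-only) "),
             ("file", "File created "))


@dataclass
class Iocs:
    run_values: dict = field(default_factory=dict)   # Run value name -> program path
    drives: set = field(default_factory=set)         # drive letters the sample opened
    lures: list = field(default_factory=list)        # dropped double-extension executables
    other_drops: list = field(default_factory=list)  # every other created file

    def persistence_binary_dropped(self) -> bool:
        """True when a created file is exactly what a Run value launches."""
        targets = {p.lower() for p in self.run_values.values()}
        return any(p.lower() in targets for p in self.other_drops)

    def drive_sweep(self, minimum: int = 8) -> bool:
        """Many distinct drive letters opened by one process = probing for
        removable/network drives. The threshold is an assumption; tune it."""
        return len(self.drives) >= minimum


def split_row(row: str, process: str = SAMPLE_EXE):
    """Return (kind, indicator) for one report row, or None if it is not one."""
    suffix = f" {process} N/A"            # Process and Target columns
    if not row.endswith(suffix):
        return None
    body = row[: -len(suffix)]
    for kind, prefix in ROW_KINDS:
        if body.startswith(prefix):
            return kind, body[len(prefix):]
    return None


def parse_rows(rows, process: str = SAMPLE_EXE) -> Iocs:
    iocs = Iocs()
    for row in rows:
        parsed = split_row(row.strip(), process)
        if parsed is None:
            continue
        kind, indicator = parsed
        if kind == "registry":
            key, _, data = indicator.partition(" = ")
            m = RUN_KEY_RE.search(key)
            if m:  # the report quotes string data and doubles its backslashes
                iocs.run_values[m.group(1)] = data.strip('"').replace("\\\\", "\\")
        elif kind == "drive":
            m = DRIVE_RE.match(indicator)
            if m:
                iocs.drives.add(m.group(1).upper())
        elif kind == "file":
            bucket = iocs.lures if LURE_RE.search(indicator) else iocs.other_drops
            bucket.append(indicator)
    return iocs


# Rows copied from the tables above; drive rows regenerated from the letters listed.
REPORT_ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows'
    r'\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" ' + SAMPLE_EXE + " N/A",
    rf"File created C:\Windows\mssrv.exe {SAMPLE_EXE} N/A",
    rf"File created C:\Windows\security\templates\lesbian big hotel (Kathrin,Liz).avi.exe {SAMPLE_EXE} N/A",
    rf"File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore sleeping .avi.exe {SAMPLE_EXE} N/A",
] + [rf"File opened (read-only) \??\{d}: {SAMPLE_EXE} N/A" for d in "HKLQVXJMTWZABGOPSUYEINR"]


if __name__ == "__main__":
    found = parse_rows(REPORT_ROWS)
    print("Run values:", found.run_values)
    print("Persistence binary dropped:", found.persistence_binary_dropped())
    print("Drives opened:", "".join(sorted(found.drives)), "sweep:", found.drive_sweep())
    print("Lure drops:", len(found.lures), "| other drops:", found.other_drops)
```

Feed it the full tables (one row per line) to get the complete drop list; the run_values entries map directly onto a registry check of HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run on suspect hosts, and the lure regex is a usable file-name hunt on its own, since nothing legitimate ships as `.mpg.exe` inside winsxs or Program Files.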

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
(50 identical rows in the original table: the signature fired 50 times from the sample process, with no indicator recorded)
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2168 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 2168 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 2168 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 2168 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 2804 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 2804 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 2804 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 2804 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

Processes

C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 69.22.78.100.in-addr.arpa udp
US 8.8.8.8:53 81.84.21.220.in-addr.arpa udp
US 8.8.8.8:53 85.101.83.73.in-addr.arpa udp
US 8.8.8.8:53 77.172.99.250.in-addr.arpa udp
US 8.8.8.8:53 95.30.215.182.in-addr.arpa udp
US 8.8.8.8:53 143.96.195.44.in-addr.arpa udp
US 8.8.8.8:53 56.6.164.61.in-addr.arpa udp
US 8.8.8.8:53 96.37.142.230.in-addr.arpa udp
US 8.8.8.8:53 225.145.106.43.in-addr.arpa udp
US 8.8.8.8:53 245.52.78.13.in-addr.arpa udp
US 8.8.8.8:53 42.7.184.57.in-addr.arpa udp
US 8.8.8.8:53 152.81.46.240.in-addr.arpa udp
US 8.8.8.8:53 87.34.31.52.in-addr.arpa udp
US 8.8.8.8:53 201.118.207.18.in-addr.arpa udp
US 8.8.8.8:53 16.55.113.235.in-addr.arpa udp
US 8.8.8.8:53 253.67.196.96.in-addr.arpa udp
US 8.8.8.8:53 90.244.134.89.in-addr.arpa udp
US 8.8.8.8:53 105.229.181.167.in-addr.arpa udp
US 8.8.8.8:53 226.112.75.93.in-addr.arpa udp
US 8.8.8.8:53 37.213.183.49.in-addr.arpa udp
US 8.8.8.8:53 110.225.32.43.in-addr.arpa udp
US 8.8.8.8:53 83.177.58.173.in-addr.arpa udp

Files

memory/2168-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\xxx girls titts .zip.exe

MD5 167852c0c369cf2bde5b19757a00e8de
SHA1 6592aca08accbb1c1ec6cf70f4855f7767af8153
SHA256 48ef67d0e875796e248758413d9be39a6ead9cfbaf48e3f2fb78dad84eb3a138
SHA512 55d723a9c36219535d17f6bad14703acb33e2f5a81559d5f2d49ba0124c2211cc2e4a1486dabef01be3ad4293d4c71d6633ab86e42a7d3da24b6faed903de50a

memory/2168-19-0x0000000004D20000-0x0000000004D3E000-memory.dmp

memory/2804-20-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2804-58-0x00000000047D0000-0x00000000047EE000-memory.dmp

memory/2660-60-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2168-94-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2168-96-0x0000000004D20000-0x0000000004D3E000-memory.dmp

memory/2804-97-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2804-99-0x00000000047D0000-0x00000000047EE000-memory.dmp

C:\debug.txt

MD5 08b76d76a6f50d3e2a7ceacc3650973a
SHA1 263cecf2a8327097d8343e6699acfb480011942d
SHA256 e9913b7d57a125fc1e8291347af09eaf2258dba1d2cac07dd77a94ac025a2fa8
SHA512 39b7af5c550af8cad607a6160f9c3db1fbff417addd861c923d5ddd54fd371bfa9db4330e7ed35ef0e0b198443082535fac76f571d90a0037342d6cf992825e6

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 18:15

Reported

2024-04-07 18:18

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\german lesbian catfight cock circumcision (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\british sperm masturbation sm .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\tyrkish fetish fucking catfight glans boots (Jenna,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\action public stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\asian gang bang kicking big feet beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse hidden ejaculation (Jade,Christine).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish cumshot fetish uncut (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\System32\DriverStore\Temp\asian handjob kicking [milf] feet ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\blowjob lesbian sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\tyrkish xxx uncut fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\hardcore horse public .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese hardcore porn big black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish gang bang lesbian public boobs girly (Kathrin,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\horse full movie boobs .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian fetish masturbation legs wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian lesbian cum lesbian cock leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\trambling lingerie voyeur hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\cumshot cum girls vagina 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fucking [milf] traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian cumshot full movie upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\fetish animal full movie vagina .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Common Files\microsoft shared\hardcore gang bang big .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\dotnet\shared\american beast [milf] nipples sm .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\danish handjob masturbation nipples (Anniston,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\nude hardcore masturbation high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\porn uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\sperm blowjob full movie bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\danish blowjob nude several models feet hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Program Files (x86)\Google\Temp\canadian beastiality licking .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\asian cum full movie mature .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\african porn sperm girls young (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\german animal beast hidden hole hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\german horse horse lesbian black hairunshaved (Gina,Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\brasilian beastiality hidden glans Ôï (Tatjana,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\indian handjob gang bang hot (!) legs redhair (Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\american cum full movie hole ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\malaysia porn [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\lingerie public balls .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\french lesbian catfight pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\tyrkish handjob hidden (Karin,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\swedish porn fucking masturbation YEâPSè& (Jenna,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\italian cumshot full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx fucking several models leather (Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\spanish kicking catfight titts (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\animal nude uncut young (Jade,Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\swedish animal action uncut boots (Samantha,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\norwegian fetish cum [milf] feet .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\spanish sperm big vagina black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\lingerie beastiality sleeping girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\SoftwareDistribution\Download\bukkake voyeur circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\tyrkish animal masturbation nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\african porn bukkake sleeping (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\russian gay catfight sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\russian xxx public (Ashley,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\fucking beast full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\american horse nude full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\beast gay [bangbus] nipples wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\german lingerie horse [bangbus] penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\brasilian xxx [milf] (Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\temp\italian fucking horse several models legs shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian kicking cum big 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\nude cum public legs swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\xxx fucking uncut titts hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\italian blowjob horse full movie glans fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse bukkake lesbian (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1080 wrote to memory of 3752 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 1080 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
PID 3752 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

Processes

C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe

"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

memory/1080-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian fetish masturbation legs wifey .avi.exe

MD5 70f849b6f7414ed5e17e85e2737f498e
SHA1 288d57ca8973f8438e16a8ef208cbb4d5ce4270a
SHA256 e548866f48ddc10f0e800fa894e343e500a82b4bdae68b0d4adf84e88967949a
SHA512 edbe9445009b32d639bf03a62bf0a497cfd410df72c20dbd915b814a45378c242777ec52142fd246e05c47aeb41ed0e195b9ff3d314174d96f31e0cc4d722924

memory/3752-12-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4792-13-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1080-25-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3752-34-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4792-37-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4512-38-0x0000000000400000-0x000000000041E000-memory.dmp