Malware Analysis Report

2024-11-15 06:07

Sample ID: 240407-x15kfacd99
Target: 223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd
SHA256: 223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd
Tags: persistence spyware stealer upx
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd

Threat Level: Known bad

The file 223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd was found to be: Known bad.

Malicious Activity Summary

Tags: persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-07 19:20

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-04-07 19:20
Reported: 2024-04-07 19:23
Platform: win10v2004-20240226-en
Max time kernel: 168s
Max time network: 174s

Command Line

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\lesbian animal [bangbus] cock hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fetish kicking [free] (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking blowjob voyeur nipples sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\fetish blowjob licking .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\african fucking girls 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\nude action sleeping hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american horse uncut (Sandy,Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\horse full movie young (Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\System32\DriverStore\Temp\porn action hot (!) circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lesbian trambling lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\asian blowjob horse catfight penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\chinese animal bukkake [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish lesbian [milf] legs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\spanish xxx porn catfight traffic (Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Common Files\microsoft shared\cumshot [free] upskirt (Britney,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia beast animal masturbation redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian gang bang sleeping boobs granny (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\malaysia xxx lesbian nipples ejaculation (Jenna,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\beast full movie (Karin,Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\asian beast fetish big circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\danish lesbian lesbian uncut circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\horse gay lesbian penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\japanese sperm beastiality public feet .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian bukkake masturbation circumcision (Jenna).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\dotnet\shared\gay cumshot girls glans circumcision (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\american nude masturbation (Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\porn beastiality masturbation granny .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\french cum animal [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\french horse blowjob [free] ash hotel (Gina,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Google\Temp\lesbian licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\american kicking sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\tyrkish horse sperm [milf] fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\tyrkish hardcore voyeur (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SoftwareDistribution\Download\porn girls castration .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\horse animal [bangbus] nipples leather (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\gay kicking [free] cock 40+ (Sylvia,Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\lingerie porn girls ash boots .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\InputMethod\SHARED\british cumshot kicking girls circumcision (Christine).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian beastiality masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\american action fetish [free] feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\brasilian hardcore horse licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\sperm licking shower .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\gay hot (!) cock leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian sperm catfight legs ash (Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\russian nude several models YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\lesbian sperm [bangbus] boobs .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\animal horse uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\indian beastiality several models .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\beastiality [bangbus] circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\black blowjob public nipples .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\cumshot [free] high heels (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\bukkake full movie circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\danish gang bang xxx public .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\hardcore kicking masturbation boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\african trambling trambling big shower .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\porn [bangbus] redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\tyrkish gay voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\brasilian beastiality uncut ash .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\danish horse lesbian pregnant (Tatjana,Ashley).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\beast cumshot masturbation (Gina,Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\black hardcore girls high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\danish handjob girls black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\malaysia animal girls young .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\swedish porn public .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\animal horse [bangbus] lady (Ashley,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\brasilian hardcore gay sleeping sm (Ashley,Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\action horse licking .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\danish lingerie lesbian nipples 50+ (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\handjob animal sleeping balls .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\black fucking catfight circumcision (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\tyrkish blowjob catfight mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\canadian horse blowjob hidden boobs .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\american nude bukkake masturbation blondie (Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\british beast [bangbus] YEâPSè& (Sarah,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\beastiality big hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\spanish cumshot horse hidden nipples hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\british hardcore gang bang uncut feet shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\xxx kicking licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\action kicking full movie ash hotel (Gina,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\spanish xxx big castration .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\russian sperm bukkake public sm (Gina,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\trambling [milf] (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\canadian fucking trambling lesbian (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\british lingerie sleeping cock boots (Curtney,Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\beast public ash .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\fetish lesbian licking legs fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\canadian hardcore [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\black porn licking ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\asian cum masturbation blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\lingerie girls glans (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\italian lesbian licking .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\black fucking licking .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\porn beast [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\british kicking hot (!) (Tatjana,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2964 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
PID 2964 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
PID 1088 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp

Files

memory/2964-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia beast animal masturbation redhair .mpg.exe

MD5 8239647316019ec99ad75e72025105e4
SHA1 afe81005e0b64aaead84f7d5dc4032e05d95db24
SHA256 572e50a68aaa63d5433f4a8675590487722a8926eb21c185de6d21f1d1f9cacb
SHA512 c5dc8879105d6348c302df75d8276f55e45dacba2a6b151d3b9793fbbd6ed30675f17ef342add3cf96e33f7d0b0056fd38c01b42775a90c8fb54a2071b8b4e67

memory/1088-12-0x0000000000400000-0x0000000000429000-memory.dmp

memory/3328-33-0x0000000000400000-0x0000000000429000-memory.dmp

memory/3804-35-0x0000000000400000-0x0000000000429000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:20

Reported

2024-04-07 19:22

Platform

win7-20231129-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\japanese cumshot blowjob several models pregnant (Sonja,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian cumshot beast [free] (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\IME\shared\tyrkish fetish horse full movie castration .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\tyrkish animal fucking public 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\System32\DriverStore\Temp\beast big sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore hidden (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\beast sleeping sm (Sandy,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese gang bang blowjob full movie (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\beast hot (!) glans bondage (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\SysWOW64\IME\shared\brasilian cumshot trambling lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\swedish beastiality lesbian uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\danish gang bang horse [bangbus] (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\sperm full movie glans (Gina,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [free] wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american gang bang sperm full movie redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\fucking several models redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\american nude fucking [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\brasilian porn trambling hidden 50+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black kicking blowjob licking traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore licking beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\lesbian licking shoes (Gina,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files\Windows Journal\Templates\italian beastiality blowjob lesbian hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian horse fucking [free] hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Google\Temp\japanese animal lingerie masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling big granny (Sonja,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\british lingerie girls titts ash (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\canadian hardcore several models stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\japanese handjob lesbian sleeping hole sm .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\brasilian animal blowjob masturbation hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\british fucking public hole .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\cum xxx several models cock latex .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\PLA\Templates\brasilian porn bukkake several models hole (Christine,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\swedish porn sperm lesbian feet (Jenna,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\malaysia fucking licking cock (Jenna,Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\fucking hot (!) glans wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\beast licking feet upskirt (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\nude gay sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\porn xxx voyeur 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\hardcore several models latex .avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\fucking [bangbus] traffic (Kathrin,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\kicking horse girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\british sperm several models feet sweet (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\horse blowjob catfight ìï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\trambling girls cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking lesbian cock stockings (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\gay masturbation titts .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\hardcore [milf] feet ejaculation (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\malaysia lesbian full movie fishy (Britney,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\italian cum beast hot (!) titts fishy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fucking hot (!) cock Ôë (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\assembly\tmp\tyrkish beastiality blowjob [milf] (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\german xxx voyeur upskirt (Jenna,Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\kicking sperm girls hole .rar.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\black nude gay lesbian YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\assembly\temp\trambling licking black hairunshaved (Britney,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\cumshot trambling hot (!) hole redhair (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 836 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
PID 2516 wrote to memory of 2904 N/A C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe

"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"

Network

Country Destination Domain Proto

Files

memory/836-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [free] wifey .zip.exe

MD5 4ab761d5e57ed38d44c6041f0127e58e
SHA1 8e1fbe6d54bd32d52c4633cb534bdff5eedf5058
SHA256 4fe9220b5ac9b953e54adf91dd54476c68bd21a43e1853619ef0d9f31d7fafe5
SHA512 57eedfadfab19014760336afa920aa4080b984bcc3c1e3fa5ec77741ca1e65bb54f167f1e4c95c99f3e7fa5742ab4e05d4f8bfe4c258ab08c76f40212e46fa83

memory/836-77-0x0000000004CD0000-0x0000000004CF9000-memory.dmp

memory/2516-78-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2516-87-0x00000000045D0000-0x00000000045F9000-memory.dmp

memory/2904-88-0x0000000000400000-0x0000000000429000-memory.dmp