Malware Analysis Report

2024-11-15 06:06

Sample ID 240407-x8ap2acc9x
Target 266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864
SHA256 266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864
Tags
persistence spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864

Threat Level: Known bad

The file 266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:30

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:30

Reported

2024-04-07 19:33

Platform

win7-20240221-en

Max time kernel

150s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
(6 identical entries, no indicator details recorded)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
(6 identical entries, no indicator details recorded)

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe | N/A

Enumerates connected drives

Process (every row): C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe; Target (every row): N/A

Description | Indicator
File opened (read-only) | 23 drive letters, in the order recorded: \??\E:, \??\R:, \??\T:, \??\W:, \??\Y:, \??\Z:, \??\A:, \??\G:, \??\K:, \??\O:, \??\Q:, \??\V:, \??\B:, \??\L:, \??\M:, \??\P:, \??\S:, \??\U:, \??\I:, \??\J:, \??\N:, \??\X:, \??\H:

Drops file in System32 directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe; Target (every row): N/A

Description | Indicator
File created | C:\Windows\SysWOW64\config\systemprofile\horse sperm [bangbus] .zip.exe
File created | C:\Windows\System32\DriverStore\Temp\bukkake [bangbus] femdom (Christine).zip.exe
File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish porn licking blondie .rar.exe
File created | C:\Windows\SysWOW64\FxsTmp\norwegian beast beastiality catfight feet castration (Christine).mpeg.exe
File created | C:\Windows\SysWOW64\IME\shared\fetish xxx hidden black hairunshaved .rar.exe
File created | C:\Windows\System32\LogFiles\Fax\Incoming\norwegian trambling public glans 40+ (Sandy,Curtney).avi.exe
File created | C:\Windows\SysWOW64\config\systemprofile\french cumshot horse licking .zip.exe
File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\cumshot girls ash .mpeg.exe
File created | C:\Windows\SysWOW64\FxsTmp\kicking girls stockings .mpg.exe
File created | C:\Windows\SysWOW64\IME\shared\hardcore beastiality hot (!) stockings (Sonja).rar.exe

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe; Target (every row): N/A

Description | Indicator
File created | C:\Program Files (x86)\Common Files\microsoft shared\swedish xxx gay sleeping (Jenna,Anniston).zip.exe
File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lesbian uncut .mpg.exe
File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\french bukkake gang bang several models circumcision .zip.exe
File created | C:\Program Files\Common Files\Microsoft Shared\african cumshot hot (!) .mpg.exe
File created | C:\Program Files\DVD Maker\Shared\danish horse sleeping titts .zip.exe
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\chinese hardcore hot (!) YEâPSè& (Gina,Tatjana).zip.exe
File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\canadian cumshot masturbation titts penetration .mpg.exe
File created | C:\Program Files (x86)\Microsoft Office\Templates\black lingerie cumshot [bangbus] redhair (Anniston).avi.exe
File created | C:\Program Files\Windows Sidebar\Shared Gadgets\sperm lesbian lesbian upskirt (Sylvia).mpeg.exe
File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\malaysia horse hardcore [bangbus] lady .mpeg.exe
File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\chinese lesbian animal voyeur boobs upskirt .mpeg.exe
File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\sperm gang bang full movie ¤ã .mpeg.exe
File created | C:\Program Files\Windows Journal\Templates\sperm cum several models cock .zip.exe
File created | C:\Program Files (x86)\Google\Temp\russian kicking big stockings (Liz,Sonja).avi.exe
File created | C:\Program Files (x86)\Google\Update\Download\horse full movie nipples (Sylvia,Curtney).mpg.exe

Drops file in Windows directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe; Target (every row): N/A

Description | Indicator
File created | C:\Windows\mssrv.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\brasilian porn girls legs wifey .zip.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\russian fucking xxx catfight ash hairy .avi.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\kicking xxx several models vagina 40+ .avi.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\italian kicking girls .avi.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\horse uncut young .mpeg.exe
File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\hardcore sperm [free] 50+ (Jenna).mpeg.exe
File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lesbian sperm full movie feet .rar.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\gay uncut .avi.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\brasilian lingerie licking .mpeg.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\norwegian trambling kicking catfight black hairunshaved .avi.exe
File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie cumshot licking pregnant .avi.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\kicking [milf] .zip.exe
File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\american horse beastiality voyeur gorgeoushorny .mpeg.exe
File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian horse lesbian [milf] .avi.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\russian beast voyeur (Christine,Kathrin).mpeg.exe
File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\animal voyeur boots .rar.exe
File created | C:\Windows\assembly\tmp\fetish handjob sleeping boobs leather .rar.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\gay handjob girls circumcision (Anniston).avi.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\norwegian fetish fetish [milf] (Liz).avi.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\japanese fucking full movie boobs .zip.exe
File created | C:\Windows\winsxs\Temp\animal cum big ash gorgeoushorny .mpeg.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\porn kicking big cock traffic .avi.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\japanese cumshot lesbian [bangbus] gorgeoushorny .zip.exe
File created | C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\action kicking [free] (Ashley).rar.exe
File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\horse beastiality voyeur boots .zip.exe
File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\asian handjob girls ¤ã .mpeg.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\sperm beastiality big .rar.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\chinese handjob porn masturbation nipples shower (Sonja).avi.exe
File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\german handjob [milf] feet fishy (Gina,Sandy).avi.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\horse fetish uncut glans (Janette,Anniston).mpg.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\animal big glans .rar.exe
File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black xxx lingerie licking titts lady .zip.exe
File created | C:\Windows\ServiceProfiles\LocalService\Downloads\lesbian sperm big hole young .mpeg.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\chinese animal uncut sweet .rar.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\bukkake lesbian ash (Anniston,Samantha).avi.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\bukkake gay lesbian castration .mpg.exe
File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\danish kicking xxx [bangbus] (Jade,Sarah).avi.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\french gay public legs bondage .mpg.exe
File created | C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\bukkake lesbian (Liz,Gina).zip.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\canadian horse full movie shower (Jade,Jenna).zip.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\cum girls fishy .zip.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\cumshot horse masturbation ash (Curtney,Sarah).zip.exe
File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\french hardcore beastiality hidden .mpg.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\fetish girls redhair .mpg.exe
File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\fucking cum lesbian .mpeg.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\tyrkish cumshot horse girls girly (Britney,Janette).zip.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\black blowjob uncut .rar.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\canadian handjob big legs swallow (Anniston,Sonja).rar.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\tyrkish beastiality hardcore voyeur redhair .mpeg.exe
File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\brasilian action hidden legs beautyfull (Sandy,Sonja).rar.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\blowjob nude hidden cock leather .zip.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\asian handjob sperm full movie legs .mpeg.exe
File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\german gay [free] .rar.exe
File created | C:\Windows\security\templates\spanish nude sperm full movie ash lady (Melissa).mpg.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\lesbian lesbian public (Ashley,Anniston).mpeg.exe
File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian cumshot gay lesbian boobs .rar.exe
File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\gang bang hot (!) swallow (Melissa).avi.exe
File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\bukkake lesbian masturbation (Curtney,Tatjana).avi.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\norwegian horse voyeur .zip.exe
File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\american gay horse hot (!) .avi.exe
File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish animal cumshot hot (!) .mpeg.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\african hardcore blowjob public swallow (Melissa,Tatjana).mpeg.exe
File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\action [bangbus] (Ashley,Gina).mpg.exe

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2488 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
PID 2564 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
PID 2488 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe

Processes

C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe

"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"

Network

Country Destination Domain Proto

Files

memory/2488-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\sperm lesbian lesbian upskirt (Sylvia).mpeg.exe

MD5 425bf41d412edfd59d64f5aeedb4bba5
SHA1 f6c3ee1f2ca875d41d697b18bd94387051241acb
SHA256 bb62fda051c4b97260583392f7479c3410cf79d6031616ff0b9e974d61009e04
SHA512 914f5332e6bee78de4f2c78dd50d7b01b1da720126c128c722c12b8785b5a2080b23c490d2e99c7318adb3fad4d4dce15478587a8d1c3dee2a274589e515a155

memory/2564-14-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2480-54-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2564-53-0x0000000004910000-0x0000000004939000-memory.dmp

memory/2488-55-0x0000000005240000-0x0000000005269000-memory.dmp

memory/2948-56-0x0000000000400000-0x0000000000429000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:30

Reported

2024-04-07 19:33

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\lingerie voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\black handjob sperm sleeping gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay public tß (Jenna,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian horse gay hidden redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\System32\DriverStore\Temp\japanese horse blowjob hot (!) gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\blowjob uncut hole femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\black gang bang lesbian sleeping swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american nude lesbian [milf] circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\tyrkish fetish fucking several models shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish gang bang trambling [free] beautyfull (Anniston,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian animal blowjob full movie traffic (Sandy,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beastiality trambling several models .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\italian porn sperm public beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\brasilian porn horse licking glans girly .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\Common Files\microsoft shared\sperm sleeping (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\dotnet\shared\italian horse horse public bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\fucking full movie 50+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\tyrkish kicking sperm [free] feet (Christine,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian action beast uncut hole 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files (x86)\Google\Temp\sperm full movie fishy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\american nude lingerie licking YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese action fucking masturbation hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian cumshot gay catfight castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian horse horse public cock (Kathrin,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\fucking sleeping castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\fucking sleeping traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\american cum blowjob [bangbus] pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\sperm big sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\russian horse fucking [bangbus] gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie [bangbus] fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\tyrkish beastiality hardcore several models mature (Christine,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\asian fucking lesbian glans .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\trambling big pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american gang bang gay masturbation cock latex .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\french beast several models (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\animal horse voyeur (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\american beastiality hardcore full movie girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\animal gay lesbian high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\lingerie masturbation glans hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\japanese cumshot xxx full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\nude xxx hidden feet .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\gay masturbation (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\cumshot xxx licking titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\blowjob hidden sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian public hole redhair (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\blowjob sleeping feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\italian action trambling several models feet bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\french sperm several models feet .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\PLA\Templates\japanese horse lingerie girls cock bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\malaysia beast voyeur feet (Ashley,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\french hardcore hot (!) mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese fetish bukkake girls (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish cum lesbian masturbation blondie (Sandy,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\lesbian full movie feet balls (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\german fucking catfight (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\assembly\tmp\lesbian sleeping cock sm (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\cumshot beast [milf] cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\spanish xxx [bangbus] hole shower (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\horse hidden hole high heels (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\beast full movie swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\indian nude horse hot (!) (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\InputMethod\SHARED\bukkake public titts sweet (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\malaysia xxx voyeur black hairunshaved (Ashley,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\norwegian hardcore hot (!) cock .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\lingerie uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\spanish xxx several models (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\security\templates\lesbian catfight cock latex (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\fetish blowjob [bangbus] cock .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\tyrkish cumshot horse full movie feet .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian gang bang xxx girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake girls (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\american nude fucking hot (!) leather .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\american animal beast [milf] (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\brasilian fetish sperm big cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\tyrkish cumshot fucking sleeping cock ejaculation (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\canadian trambling uncut glans 40+ (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish animal trambling catfight 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\african lesbian masturbation glans blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian action beast big hole .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\nude bukkake sleeping hole ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\french lesbian public titts .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\lesbian [bangbus] sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\assembly\temp\swedish action beast [bangbus] hole hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\beast [free] (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\chinese beast voyeur girly .rar.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\african xxx [bangbus] glans upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\canadian trambling licking hole blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american cum bukkake voyeur feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\gay catfight traffic (Ashley,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\CbsTemp\russian horse trambling [free] titts 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\chinese sperm [bangbus] (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\french bukkake licking .zip.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian cum fucking licking hole .avi.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3684 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
PID 3684 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
PID 4680 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe

Processes

C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe

"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"

C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe

"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"

C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe

"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"

C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe

"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"

Network

Country Destination Domain Proto

Files

memory/3684-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese action fucking masturbation hotel .zip.exe

MD5 63c0cc9974ecafe692019433da143a4a
SHA1 f23c4dd0ea277e7978eeb5a004fd959bfb018b5a
SHA256 651a7e3eccbf1d2aab7c2cc42432ed10e35bc349d87c7f4bfaa215766fe178eb
SHA512 6ca50aa1db4a2a1bb5a9e822e98e338517cbb3ff69af127c37cde67769ae9351c3f682afc8d411400f0abc024e20661d5c064fdee740894db880f4d1ab8e6bfa

memory/4680-11-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2008-13-0x0000000000400000-0x0000000000429000-memory.dmp

memory/5076-14-0x0000000000400000-0x0000000000429000-memory.dmp