Malware Analysis Report

2024-11-13 13:58

Sample ID 240407-y4tg1sde2z
Target 3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7
SHA256 3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7

Threat Level: Known bad

The file 3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:20

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:20

Reported

2024-04-07 20:23

Platform

win7-20240221-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 320 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe
PID 320 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe
PID 2832 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\horse full movie boobs hairy .avi.exe

MD5 ab6a7e90246a1964ac125f96c30a26e6
SHA1 3290ca8a28f50454e5084fa89cc4c158ccebc300
SHA256 eb23d81e336316676295e05f6628cd18760b0778fd9470dbf4d4601d4e4f4f5b
SHA512 ec318e19bfbd12a6057f53940c9c85cdf1024bb97d8ade960d99bbdd3258a24c5f06390ebe7f45ad4b8492afecd55705f75c9e84d5f87f44efbcbd5532abab39

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:20

Reported

2024-04-07 20:23

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\trambling [free] cock sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish cumshot blowjob girls (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast lesbian cock (Sonja,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\System32\DriverStore\Temp\trambling masturbation hole .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\russian porn trambling lesbian titts circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian beastiality fucking uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\beast girls swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lingerie girls titts .rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\beast uncut blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian kicking bukkake masturbation stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\beast [milf] balls .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\danish fetish beast [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Temp\tyrkish beastiality bukkake sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black gang bang blowjob girls castration .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american porn xxx [bangbus] glans stockings (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fetish blowjob uncut stockings (Gina,Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\gay catfight titts latex .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian beastiality xxx licking titts circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese nude horse licking (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\italian porn horse public stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish gang bang lingerie several models hole upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\danish porn lingerie [free] stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files (x86)\Google\Temp\indian cumshot bukkake voyeur feet sm .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\tyrkish animal lesbian hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\dotnet\shared\lesbian masturbation (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\beast sleeping ¼ë .rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake several models (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\russian animal trambling masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\sperm voyeur castration (Ashley,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian porn sperm [milf] ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\black fetish bukkake licking .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\spanish lesbian [milf] hairy (Jenna,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\tyrkish action lesbian [bangbus] hole 40+ (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\black cum trambling [free] fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\horse catfight hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\french gay uncut hole black hairunshaved (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\beastiality lingerie public penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\british gay several models high heels (Sonja,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\indian gang bang beast [bangbus] (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\security\templates\russian gang bang lingerie lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\chinese lesbian sleeping titts pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\norwegian fucking masturbation hole upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\american cumshot trambling hidden mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\chinese lingerie catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black horse bukkake girls circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\tyrkish kicking lesbian full movie hole .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\french trambling several models latex .zip.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\spanish lesbian [bangbus] pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\danish nude gay voyeur (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\beastiality hardcore big hole blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\swedish beastiality lingerie girls .avi.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2964 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe
PID 2964 wrote to memory of 1292 N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe
PID 3336 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe

"C:\Users\Admin\AppData\Local\Temp\3f1410f25bf8713d59ed908f654e83ae29b4115abfb661a047f2c2bb025463b7.exe"

Network


Files

memory/2964-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian beastiality xxx licking titts circumcision .mpg.exe

MD5 114afdfab6bd1ce579d3e1b5a622ecb9
SHA1 dd961b75c8f8a652f6c3bb4687e9829770fd8145
SHA256 becb15c9dd22547e72bbf0dd848912a20d82a71a9cb4c7e5a46f1cc710929739
SHA512 3c744ac79ffa4a11a01868acd0b85866c79b80efded1ef9e7d3d2605674b6712d770038d4ff48411d328602ea758f97d5a1ed71f9892d85f46223d08df4561e4
