Malware Analysis Report

2024-11-13 13:58

Sample ID 240407-y729bsdf3y
Target 41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41
SHA256 41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41
Tags
persistence spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41

Threat Level: Known bad

The file 41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:26

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:26

Reported

2024-04-07 20:29

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\action kicking public .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french beast sleeping boots (Sarah,Ashley).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\porn full movie hole shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\System32\DriverStore\Temp\indian action gang bang masturbation cock stockings (Janette,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\fucking beast catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gang bang catfight young .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian beast sleeping (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\beastiality gay voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\beastiality [bangbus] traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\hardcore animal several models vagina 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fetish hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\gay several models .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\Microsoft Shared\cumshot action masturbation high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Google\Temp\hardcore lingerie uncut young .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\gay cumshot [bangbus] mature .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\kicking cumshot uncut cock latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\african action xxx uncut fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish gang bang big pregnant (Melissa,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\japanese fetish masturbation boobs hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\indian animal catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\chinese beast cum full movie lady (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\british handjob trambling public ash sm (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\hardcore fucking uncut (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\dotnet\shared\bukkake porn girls feet femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\african trambling voyeur (Christine,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\cum licking .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore public .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Common Files\microsoft shared\asian hardcore uncut swallow (Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\sperm licking femdom (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fetish kicking voyeur hole 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish trambling cum full movie (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\InputMethod\SHARED\kicking full movie titts fishy (Samantha,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\handjob lesbian lesbian boobs (Britney,Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\russian cum animal hot (!) wifey (Britney,Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian blowjob fetish hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\brasilian horse [bangbus] mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\swedish lesbian handjob masturbation shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish fetish [free] granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\chinese nude full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\beastiality sleeping boobs .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\CbsTemp\spanish porn public (Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish horse gang bang [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\lesbian [milf] vagina bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\asian sperm lesbian masturbation titts ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\german kicking [bangbus] redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\spanish gang bang lesbian girls bedroom (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese lingerie several models bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\beastiality masturbation shoes (Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\kicking nude [milf] mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\russian horse hot (!) boobs stockings (Curtney,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\danish gay animal hot (!) legs femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\hardcore horse masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\canadian horse xxx several models vagina granny .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\indian gay girls ash fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\cumshot cumshot girls gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\russian lesbian uncut gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\spanish blowjob girls .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\horse animal [milf] feet .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\hardcore bukkake several models .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\chinese cumshot nude voyeur legs .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish lingerie trambling [bangbus] boobs 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\african hardcore [free] (Samantha,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\lingerie blowjob [free] latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\Downloaded Program Files\norwegian lingerie girls nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\security\templates\swedish gay girls penetration (Sandy,Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\swedish gay catfight penetration (Britney,Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\american sperm several models hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\indian porn girls nipples 50+ (Curtney,Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\malaysia fucking gang bang catfight 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\beastiality public .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian animal public stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fetish sleeping boobs wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\danish beast [free] (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\german porn lesbian [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\animal animal sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\lingerie sleeping nipples .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\british handjob girls hole traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\french horse action full movie boobs circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\PLA\Templates\beast uncut bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\sperm girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\canadian handjob several models wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\italian cumshot bukkake hot (!) titts .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\german horse gang bang big latex .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\lesbian lingerie voyeur (Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\asian horse hot (!) penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\swedish animal cumshot uncut ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\american sperm cumshot [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese gay licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\norwegian handjob licking legs redhair (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\japanese blowjob xxx big (Christine,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\tyrkish handjob horse masturbation ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\bukkake horse full movie hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\kicking nude girls ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 320 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 320 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 320 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 320 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 320 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 320 wrote to memory of 4588 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2184 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2184 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2184 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

Processes

C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 121.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

memory/320-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\kicking cumshot uncut cock latex .mpg.exe

MD5 e31d440e733f160b1608c143b96a45ae
SHA1 d4cce6f97508583d0e2305ec23e88b7b4b4677d0
SHA256 eeffe2986f7c9b2600d9cdddb58c15f94419fcb210b026439143066875c1be48
SHA512 52ec223b93a99f88ec9ed3d87308fff855dbf375b7b13ec9c2d55aca6562a6234303950f13fa19e662f43531d3542e35d32291260450fbe68a165f741f3802a2

memory/2184-11-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4588-13-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4352-14-0x0000000000400000-0x000000000041F000-memory.dmp

memory/320-16-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2184-25-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4588-30-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4352-108-0x0000000000400000-0x000000000041F000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:26

Reported

2024-04-07 20:29

Platform

win7-20240215-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish kicking horse catfight cock femdom (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\swedish gang bang fucking hidden YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse lesbian 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american porn lingerie hidden (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\fucking lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\IME\shared\tyrkish kicking horse big (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\brasilian nude blowjob catfight 50+ (Kathrin,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\System32\DriverStore\Temp\japanese porn hardcore licking .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\british hardcore lesbian cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SysWOW64\IME\shared\danish cum gay uncut mistress (Anniston,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese porn bukkake masturbation cock young (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish porn xxx hot (!) hole leather .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\xxx hot (!) redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\black kicking gay big feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\swedish cumshot lingerie voyeur feet femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\horse [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\fucking voyeur hole 40+ (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gay [free] hole gorgeoushorny (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lesbian voyeur glans upskirt (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\american fetish lesbian girls lady (Britney,Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\danish animal xxx [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\DVD Maker\Shared\japanese nude trambling sleeping glans bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\japanese beastiality gay lesbian bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files\Windows Journal\Templates\swedish fetish beast [bangbus] feet 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Program Files (x86)\Google\Temp\russian cumshot bukkake public (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\black action fucking masturbation bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\SoftwareDistribution\Download\indian fetish xxx public cock balls (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\porn blowjob public .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\cumshot horse voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\fetish xxx girls ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\Downloaded Program Files\black action trambling [milf] hole mature .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\german xxx big hole sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\russian cum hardcore licking hole (Britney,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\british lingerie lesbian femdom (Kathrin,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\spanish hardcore hidden lady .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\gay lesbian (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\handjob lingerie lesbian hole hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\swedish handjob lingerie [free] lady .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\fetish bukkake public 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\animal hardcore public cock fishy (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\horse hot (!) (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\action fucking several models YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\french hardcore big titts 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\brasilian porn trambling licking boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\black animal horse several models (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\chinese lingerie masturbation (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\trambling girls hole YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\blowjob full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\gay sleeping glans YEâPSè& (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\british bukkake sleeping (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\brasilian porn trambling masturbation cock sweet (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\canadian blowjob lesbian sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\russian action sperm [milf] titts granny .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\asian fucking [bangbus] (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\beastiality xxx public feet lady (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\fucking uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\hardcore uncut hole wifey (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\tmp\japanese porn blowjob sleeping latex .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\porn xxx public hole sm .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\gang bang trambling girls feet .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\cum beast girls ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\beastiality beast hot (!) hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\french gay [free] 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish kicking beast licking upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\german trambling voyeur cock shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\bukkake public latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\hardcore girls beautyfull (Sonja,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\handjob lingerie voyeur cock lady .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish kicking trambling lesbian YEâPSè& (Britney,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\lesbian catfight gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\InstallTemp\british bukkake masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\bukkake uncut ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\fucking lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish nude bukkake [bangbus] .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese action horse lesbian (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\indian beastiality sperm hot (!) glans (Anniston,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\malaysia bukkake hot (!) hole high heels (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian porn blowjob several models .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\canadian sperm [free] hole sweet (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\french fucking sleeping glans pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\temp\black porn blowjob big (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\cum lingerie uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\beast catfight feet gorgeoushorny (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\norwegian gay voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\french lesbian several models cock pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\porn beast full movie titts pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\japanese handjob sperm hot (!) titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\fucking hot (!) 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2904 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2904 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2904 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2904 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2112 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2112 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2112 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
PID 2112 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

Processes

C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe

"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 254.80.203.5.in-addr.arpa udp
US 8.8.8.8:53 129.49.204.32.in-addr.arpa udp
US 8.8.8.8:53 139.79.227.157.in-addr.arpa udp
US 8.8.8.8:53 250.96.131.241.in-addr.arpa udp
US 8.8.8.8:53 19.76.34.130.in-addr.arpa udp
US 8.8.8.8:53 7.253.85.239.in-addr.arpa udp
US 8.8.8.8:53 215.188.40.213.in-addr.arpa udp
US 8.8.8.8:53 15.180.229.146.in-addr.arpa udp
US 8.8.8.8:53 183.196.230.78.in-addr.arpa udp
US 8.8.8.8:53 154.48.60.22.in-addr.arpa udp
US 8.8.8.8:53 173.111.239.189.in-addr.arpa udp
US 8.8.8.8:53 6.157.118.216.in-addr.arpa udp
US 8.8.8.8:53 232.143.13.81.in-addr.arpa udp
US 8.8.8.8:53 40.1.111.208.in-addr.arpa udp
US 8.8.8.8:53 182.200.225.242.in-addr.arpa udp
US 8.8.8.8:53 253.116.150.51.in-addr.arpa udp
US 8.8.8.8:53 101.115.34.21.in-addr.arpa udp
US 8.8.8.8:53 121.50.208.3.in-addr.arpa udp
US 8.8.8.8:53 123.104.76.156.in-addr.arpa udp
US 8.8.8.8:53 164.51.181.70.in-addr.arpa udp
US 8.8.8.8:53 230.25.181.139.in-addr.arpa udp
US 8.8.8.8:53 176.5.249.53.in-addr.arpa udp
US 8.8.8.8:53 32.116.19.176.in-addr.arpa udp
US 8.8.8.8:53 225.170.181.182.in-addr.arpa udp
US 8.8.8.8:53 115.229.88.43.in-addr.arpa udp
US 8.8.8.8:53 12.155.137.187.in-addr.arpa udp
US 8.8.8.8:53 132.226.109.105.in-addr.arpa udp
US 8.8.8.8:53 15.252.130.99.in-addr.arpa udp
US 8.8.8.8:53 156.212.110.253.in-addr.arpa udp

Files

memory/2904-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish cumshot lingerie voyeur feet femdom .mpeg.exe

MD5 c1b228c83e7d6a7fe1a6f7d01e13c8e9
SHA1 27066bbb7445e0a619d0b251398fdbc6f2132b4f
SHA256 219762dd18e578ab22efd2540e416fde2f2a4a19802d2b0e3ecae513835a419b
SHA512 cf825946edd37b247c0def046cd394321b3b53e3d05defb70a40b0373999e03b507dfe86870868b8fe8612527f099cf39feb11d7c0c7039b56074b351595ed89

memory/2904-77-0x00000000050E0000-0x00000000050FF000-memory.dmp

memory/2112-78-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2628-87-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2112-86-0x0000000004CD0000-0x0000000004CEF000-memory.dmp

C:\debug.txt

MD5 53ba4ab99140914bbea8f39da178406b
SHA1 46185c8e68f6150e281b20206d27bd11e2c7135c
SHA256 3b661ad29bc6db4766ad9ec97f95043f949f6ebd487d9d13460285f68522fa9b
SHA512 eb415f5622242de4613504ce7290ecb47d92901880a61e108344c1a30aaf675e54a4c64665a93d769e372eb41d2e1f12f683ea4c24147c3ea6b1e0545e7d6ffd

memory/2904-104-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2904-106-0x00000000050E0000-0x00000000050FF000-memory.dmp

memory/2112-107-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2112-108-0x0000000004CD0000-0x0000000004CEF000-memory.dmp

memory/2628-109-0x0000000000400000-0x000000000041F000-memory.dmp