Malware Analysis Report

2024-11-13 13:57

Sample ID 240407-y7g86aea46
Target 415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3
SHA256 415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3

Threat Level: Known bad

The file 415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:25

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:25

Reported

2024-04-07 20:28

Platform

win7-20240221-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\hardcore xxx masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\IME\shared\sperm animal big .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\trambling several models (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\norwegian animal full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\IME\shared\american gay several models (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie porn [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\System32\DriverStore\Temp\hardcore horse masturbation 50+ (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\action sleeping titts circumcision (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese handjob voyeur lady (Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude gang bang [free] (Jenna,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\swedish action blowjob masturbation swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Windows Journal\Templates\asian sperm fetish catfight swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\african beastiality uncut swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\norwegian horse [milf] mature .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nude handjob girls sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Google\Temp\fucking [milf] boobs black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\german fucking gay several models titts mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\french beast bukkake full movie (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\british animal cumshot [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\horse lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish action porn big cock hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\hardcore voyeur gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\canadian gang bang fucking several models hole swallow (Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\beast gang bang sleeping sm .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\horse girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\malaysia gang bang hot (!) lady (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\Temp\action beast catfight boots .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\xxx masturbation legs .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\russian cum voyeur cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\african hardcore public swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\malaysia gang bang [bangbus] black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\beastiality handjob [milf] cock granny .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\blowjob licking cock ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\Downloaded Program Files\nude blowjob masturbation ash (Samantha,Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\asian beastiality trambling catfight traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\spanish blowjob sleeping hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\canadian animal handjob hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\canadian xxx beast masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\british handjob sleeping 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\malaysia trambling gay uncut shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian sperm [free] boots .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\InstallTemp\gay uncut circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\japanese blowjob uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\german fetish big .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\horse xxx voyeur glans young .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\porn [free] bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\malaysia trambling lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\swedish trambling lesbian boobs wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\sperm [milf] boobs bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\animal sperm [free] nipples (Sonja,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\russian cumshot full movie young .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\canadian cum [free] (Karin,Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\indian lingerie kicking lesbian blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\french action [bangbus] granny (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\american cum action hot (!) vagina shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\porn lingerie uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\japanese cumshot sleeping redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\american nude big .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\african trambling fetish [milf] legs (Sylvia,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\french kicking girls mature .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cumshot gay girls .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\trambling [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\gay fetish girls .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\french gay big swallow (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\bukkake full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\blowjob sleeping pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\british kicking several models mistress (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\swedish beast animal lesbian femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\beastiality kicking sleeping (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\handjob public granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\temp\tyrkish horse hot (!) penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\blowjob fucking full movie feet .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\cum [milf] hole bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\beast full movie boobs upskirt (Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\british lingerie sleeping pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\swedish lingerie hidden nipples .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\action beast girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\handjob sleeping boobs young .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\norwegian trambling beastiality several models hole pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\bukkake catfight cock gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\spanish cumshot [free] circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\lesbian voyeur glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\hardcore [milf] hole .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\brasilian nude fetish licking .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\bukkake bukkake lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\beast several models (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\russian hardcore uncut vagina bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\hardcore licking girly .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\french xxx xxx sleeping 40+ (Sandy,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2860 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 2860 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 2860 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 2860 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 2672 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 2672 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 2672 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 2672 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

Processes

C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

Network

Country Destination Domain Proto

Files

memory/2860-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\african beastiality uncut swallow .avi.exe

MD5 186253aaee72846f70a5e40fdc69c530
SHA1 f8d60dfa9ca9576d17453ae787533827a5c131c8
SHA256 a09acdba087b0b77c33e8b241e8ae9c55da64e6f697db03a2176f403963e8fab
SHA512 40543dad3c8ed87a725ea0d2623a15c6464c56d411616f466740ae5e2a56f0643dab9f504c05598c29f1d1ee1b08221206afb2ff3557367af6690b99816a6c5a

memory/2860-36-0x0000000004AA0000-0x0000000004ABF000-memory.dmp

memory/2672-39-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2672-66-0x00000000047C0000-0x00000000047DF000-memory.dmp

memory/2436-67-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2860-95-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2860-96-0x0000000004AA0000-0x0000000004ABF000-memory.dmp

memory/2672-99-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2672-103-0x00000000047C0000-0x00000000047DF000-memory.dmp

memory/2436-104-0x0000000000400000-0x000000000041F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:25

Reported

2024-04-07 20:28

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\asian beast public YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\swedish animal xxx big mistress (Anniston,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\black horse xxx hot (!) hole ¤ç .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beastiality hardcore licking hotel (Gina,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american handjob xxx big titts bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french trambling voyeur feet .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese porn xxx hidden glans (Sonja,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\System32\DriverStore\Temp\brasilian gang bang trambling catfight glans ash .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\russian cum hardcore several models glans ¼ë .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian handjob beast hidden hole mistress (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian lesbian hole wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\brasilian porn blowjob catfight (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\indian porn blowjob [milf] glans hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian handjob bukkake uncut castration .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish animal beast big ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian beastiality lesbian big cock traffic (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african gay big castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Google\Temp\bukkake catfight glans .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\swedish kicking gay lesbian 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american animal blowjob lesbian glans femdom (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\italian fetish fucking sleeping glans penetration (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\black nude hardcore hidden high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\dotnet\shared\trambling licking granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\fucking [bangbus] feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish nude lesbian uncut cock beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\trambling public cock (Christine,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\swedish gang bang beast public .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\lesbian [free] traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking sleeping feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\british lesbian several models (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\kicking lingerie big .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\fucking [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\fucking public titts lady (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lesbian [free] cock castration .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\lesbian lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\canadian horse several models .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\black kicking hardcore lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\british xxx voyeur feet .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\italian cum sperm girls black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\hardcore [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\horse catfight balls .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\brasilian action horse sleeping balls (Christine,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\beastiality hardcore girls cock (Jenna,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\spanish beast voyeur boots (Jenna,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\spanish sperm hidden fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\horse girls feet black hairunshaved (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\handjob lingerie hidden titts girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\norwegian beast [free] (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\russian nude xxx sleeping lady (Anniston,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\african gay voyeur mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\brasilian porn bukkake full movie (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\black cum bukkake full movie ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\black cum bukkake [free] .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\canadian bukkake [free] girly .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\swedish handjob fucking public feet .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\canadian fucking masturbation blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian nude horse [bangbus] glans ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\fucking catfight (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\brasilian kicking gay several models glans wifey (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\swedish action beast sleeping titts granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\horse lesbian big hole .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\chinese beast catfight glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\fucking licking .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\hardcore licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\italian fetish sperm hot (!) titts .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\porn lesbian girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\malaysia bukkake girls (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\african trambling big beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\brasilian fetish beast [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\american gang bang trambling public mature .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\beastiality trambling catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\asian fucking sleeping penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\american cumshot lingerie girls glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\hardcore masturbation bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\cum blowjob full movie beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\malaysia blowjob public black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\lingerie [bangbus] feet femdom (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\malaysia beast hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\african fucking uncut hole shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\CbsTemp\italian porn beast masturbation mature (Britney,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\italian nude trambling big blondie (Ashley,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\malaysia lesbian sleeping boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\indian cumshot blowjob [milf] upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\cumshot lesbian hidden feet .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\chinese bukkake public redhair (Sonja,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\kicking sperm uncut penetration (Sonja,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\chinese blowjob girls young .avi.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\indian animal beast full movie hole swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\swedish fetish lesbian uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\security\templates\horse uncut (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\african trambling public hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\assembly\temp\tyrkish action bukkake girls pregnant (Sonja,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\cum xxx hidden titts .rar.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3428 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 3428 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 3428 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 3428 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 3428 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 3428 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 3092 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 3092 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe
PID 3092 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

Processes

C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe

"C:\Users\Admin\AppData\Local\Temp\415f7c1031863774a36012c2fe149b5d8d2fca9ceadf31a0ea792a285bfb49b3.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 70.198.139.232.in-addr.arpa udp
US 8.8.8.8:53 241.84.169.37.in-addr.arpa udp
US 8.8.8.8:53 199.75.51.52.in-addr.arpa udp
US 8.8.8.8:53 100.205.51.64.in-addr.arpa udp
US 8.8.8.8:53 199.20.204.253.in-addr.arpa udp
US 8.8.8.8:53 75.186.221.108.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 5.7.88.199.in-addr.arpa udp
US 8.8.8.8:53 251.90.16.18.in-addr.arpa udp
US 8.8.8.8:53 149.101.28.86.in-addr.arpa udp
US 8.8.8.8:53 29.20.98.137.in-addr.arpa udp
US 8.8.8.8:53 154.177.47.133.in-addr.arpa udp
US 8.8.8.8:53 95.86.16.197.in-addr.arpa udp
US 8.8.8.8:53 174.57.192.65.in-addr.arpa udp
US 8.8.8.8:53 13.3.31.37.in-addr.arpa udp
US 8.8.8.8:53 149.64.207.12.in-addr.arpa udp
US 8.8.8.8:53 162.93.229.190.in-addr.arpa udp
US 8.8.8.8:53 30.97.31.196.in-addr.arpa udp
US 8.8.8.8:53 52.244.127.183.in-addr.arpa udp
US 8.8.8.8:53 111.61.136.112.in-addr.arpa udp
US 8.8.8.8:53 226.72.2.144.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 55.89.106.255.in-addr.arpa udp
US 8.8.8.8:53 208.129.69.43.in-addr.arpa udp
US 8.8.8.8:53 14.163.87.150.in-addr.arpa udp
US 8.8.8.8:53 59.32.111.101.in-addr.arpa udp
US 8.8.8.8:53 33.102.144.228.in-addr.arpa udp
US 8.8.8.8:53 229.214.248.234.in-addr.arpa udp
US 8.8.8.8:53 194.232.141.253.in-addr.arpa udp
US 8.8.8.8:53 4.249.144.236.in-addr.arpa udp
US 8.8.8.8:53 235.240.141.32.in-addr.arpa udp
US 8.8.8.8:53 126.11.124.180.in-addr.arpa udp
US 8.8.8.8:53 131.198.250.81.in-addr.arpa udp
US 8.8.8.8:53 142.207.21.207.in-addr.arpa udp
US 8.8.8.8:53 47.251.199.97.in-addr.arpa udp
US 8.8.8.8:53 86.23.240.182.in-addr.arpa udp
US 8.8.8.8:53 186.120.18.24.in-addr.arpa udp
US 8.8.8.8:53 197.224.243.188.in-addr.arpa udp
US 8.8.8.8:53 125.200.151.210.in-addr.arpa udp
US 8.8.8.8:53 122.143.33.131.in-addr.arpa udp
US 8.8.8.8:53 70.216.202.96.in-addr.arpa udp
US 8.8.8.8:53 161.123.248.255.in-addr.arpa udp
US 8.8.8.8:53 27.168.151.20.in-addr.arpa udp
US 8.8.8.8:53 150.240.254.216.in-addr.arpa udp
US 8.8.8.8:53 225.46.173.113.in-addr.arpa udp

Files

memory/3428-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish nude lesbian uncut cock beautyfull .mpeg.exe

MD5 6fd517781e891e85ad1667190bad4a3e
SHA1 b425aa7a13dc515dab601088d4ee3ee378a26470
SHA256 b2e35eae4705cd33c1d07d702b676d36481fe487ed059c890df57650897a80fa
SHA512 dc610601738fba6649fba97972be4d4d56d7960be65c0652cb9f9e7cec8752479319c2eef9cf036e1ae11f799bd179048b9cb335e404fb1b8ad0f895f72a2c83

memory/3092-12-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1620-133-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3372-141-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3428-182-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3092-185-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1620-189-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3372-191-0x0000000000400000-0x000000000041F000-memory.dmp