Malware Analysis Report

2024-11-15 06:05

Sample ID 240407-y8yyasea83
Target 426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4
SHA256 426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4

Threat Level: Known bad

The file 426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:28

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:28

Reported

2024-04-07 20:30

Platform

win7-20240221-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2168 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
PID 2676 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

Network

Country Destination Domain Proto

Files

memory/2168-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\african fucking trambling girls 40+ (Samantha).mpeg.exe

MD5 92dfba0c112e45df1ce9c2678249337f
SHA1 aee3e67e63278ee5f65db861c170cfe0e614a1e8
SHA256 3a776e9b4edd824b12a67a19db8cfeb5d9dbb505a0ecee447da12f2c28f9c2de
SHA512 e9df68870488e528b95722469fa5486463d247c5cf752d76f5081ca9dcd288170f9c76ad6a0f3135a4352895e640e2fee62633714439531d24d5b731afccc830

C:\debug.txt

MD5 d167532ba9adcc3543c3dc0900e1b973
SHA1 3c167ee1d797aecac521af2edfcb767402b3e0ce
SHA256 297444b13ef262c5011738a4ef5f99735a2069f3dabdc816525693f97bc425e8
SHA512 455f716d97f4cce2c777d62326f6bdc7d89400af8340752b9b9e921732e822e9567eeda33c2ee8495e1252f48f783391925f6f504c6afb0762f37c0f388d8957

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:28

Reported

2024-04-07 20:30

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling beast [bangbus] swallow (Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\animal action [free] shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\System32\DriverStore\Temp\trambling beastiality girls (Sonja,Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\action fucking girls boots (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beastiality hot (!) sm (Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\fetish catfight pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish sperm lingerie girls girly .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\danish lingerie lesbian girls balls .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\hardcore gay catfight lady .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french gay full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lesbian kicking girls shower (Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\russian gang bang lesbian 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\lesbian several models .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\dotnet\shared\spanish cumshot blowjob licking gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\spanish bukkake uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\malaysia horse [free] bedroom (Sylvia,Kathrin).zip.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\norwegian action catfight vagina (Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese trambling gay [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african fucking trambling girls 40+ (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\hardcore fetish masturbation hole .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\norwegian kicking [milf] 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\british sperm bukkake catfight boots .zip.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\fetish cum catfight penetration (Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian blowjob gang bang sleeping penetration (Anniston,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish fucking public ΋ (Liz,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\chinese sperm beastiality big .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files (x86)\Google\Temp\cum uncut glans shower .zip.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\danish beast catfight nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\french beastiality hidden titts fishy (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\porn cum hot (!) shoes (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\gay hardcore lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\russian cum lingerie public 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\action fucking several models (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\african cumshot animal public young (Curtney,Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\russian kicking porn several models vagina .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\american fucking girls leather (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\japanese gang bang gang bang full movie boots .zip.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\hardcore catfight lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\fucking sperm licking upskirt (Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\chinese horse beastiality masturbation boobs mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\japanese lesbian [free] nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\british porn girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\norwegian lingerie beast hot (!) glans penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\animal catfight penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese blowjob masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\japanese lesbian hot (!) hole mature (Anniston,Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\chinese horse handjob full movie legs .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\asian sperm hidden titts .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\horse uncut bedroom .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\brasilian porn xxx uncut hole .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\kicking masturbation wifey (Gina,Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british lingerie trambling sleeping femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\russian nude fetish hot (!) ash .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\italian gay nude [free] glans high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\gay blowjob lesbian castration (Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2280 wrote to memory of 4068 N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
PID 2280 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
PID 4068 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe

"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"

Network

Country Destination Domain Proto

Files

memory/2280-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african fucking trambling girls 40+ (Samantha).mpeg.exe

MD5 92dfba0c112e45df1ce9c2678249337f
SHA1 aee3e67e63278ee5f65db861c170cfe0e614a1e8
SHA256 3a776e9b4edd824b12a67a19db8cfeb5d9dbb505a0ecee447da12f2c28f9c2de
SHA512 e9df68870488e528b95722469fa5486463d247c5cf752d76f5081ca9dcd288170f9c76ad6a0f3135a4352895e640e2fee62633714439531d24d5b731afccc830
