Malware Analysis Report

2024-11-15 06:06

Sample ID 240407-yccp7ach58
Target 29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae
SHA256 29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae

Threat Level: Known bad

The file 29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:38

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:38

Reported

2024-04-07 19:40

Platform

win7-20240221-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\shared\canadian gay catfight castration (Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\cumshot lesbian bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\System32\DriverStore\Temp\german blowjob horse voyeur cock penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\spanish cumshot fetish masturbation vagina balls (Karin,Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\IME\shared\african gang bang blowjob [free] nipples shower .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\spanish cumshot licking glans upskirt (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\beast catfight 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\british porn fucking [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\norwegian cumshot lesbian catfight 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish lingerie porn sleeping shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Templates\norwegian trambling kicking [bangbus] cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\DVD Maker\Shared\horse sperm voyeur beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\french bukkake fucking catfight YEâPSè& (Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish handjob hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish porn blowjob licking hole granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\chinese action hot (!) (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\malaysia action sleeping hotel (Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lesbian kicking voyeur ash (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Google\Temp\handjob lesbian shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\german horse kicking several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Windows Journal\Templates\action beastiality girls .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\nude hidden (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\fucking fucking hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\brasilian cumshot uncut castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish gang bang fetish public glans .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\brasilian trambling catfight boobs .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\nude catfight stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\hardcore cumshot licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\japanese hardcore horse licking lady (Tatjana,Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\indian gang bang voyeur cock .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\trambling hot (!) sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\cumshot catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\hardcore hardcore voyeur swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\chinese fetish lesbian hot (!) feet wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cumshot hot (!) ash ejaculation (Britney,Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\InstallTemp\japanese nude sperm sleeping glans circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\gay blowjob public .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\african bukkake cum [milf] penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\lingerie trambling hidden legs beautyfull (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\japanese sperm nude [bangbus] wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\canadian gang bang trambling big feet mistress (Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\indian xxx masturbation upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\horse catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\asian lingerie masturbation cock circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\trambling hot (!) bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\african xxx beast lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\chinese fetish public glans .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\indian trambling public legs latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\temp\handjob [free] castration .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\gay sleeping (Jenna,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\animal public bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\japanese hardcore cum licking lady .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\african fucking hardcore several models femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling catfight sm .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\african lingerie porn catfight tÛ .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\handjob licking .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\Temp\canadian trambling cumshot voyeur shower .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\spanish cum hardcore big sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\gay lesbian hotel (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\british lingerie [milf] titts ejaculation (Sonja,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\spanish fetish horse [free] feet stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\spanish fucking several models mistress (Curtney,Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\handjob licking young (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\danish fucking masturbation legs (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\beastiality sperm [bangbus] Ôë .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\japanese xxx [milf] vagina boots .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\gang bang hardcore masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\norwegian blowjob beast hidden ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\tyrkish sperm lesbian hot (!) granny .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\swedish beastiality [milf] bedroom (Jenna,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\canadian action public black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\canadian fucking blowjob several models castration .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish action hidden black hairunshaved (Melissa,Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\action full movie leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\french hardcore hidden shoes (Kathrin,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\spanish beastiality girls hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\gang bang masturbation nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\sperm porn [free] young (Melissa,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\japanese gay fetish catfight (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian trambling gay [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\russian horse sleeping penetration (Kathrin,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\german sperm hardcore hidden hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\brasilian fucking full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\horse trambling uncut granny (Kathrin,Ashley).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\canadian bukkake cum girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\PLA\Templates\british kicking licking (Jenna,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian gang bang catfight legs (Tatjana,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\action animal public femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1280 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1280 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1280 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1280 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 2136 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 2136 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 2136 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 2136 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1280 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1280 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1280 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1280 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

Processes

C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 230.129.56.28.in-addr.arpa udp
US 8.8.8.8:53 202.253.12.76.in-addr.arpa udp
US 8.8.8.8:53 212.80.158.138.in-addr.arpa udp
US 8.8.8.8:53 166.34.71.2.in-addr.arpa udp
US 8.8.8.8:53 23.241.172.92.in-addr.arpa udp
US 8.8.8.8:53 109.134.10.57.in-addr.arpa udp
US 8.8.8.8:53 79.38.103.140.in-addr.arpa udp
US 8.8.8.8:53 30.253.56.187.in-addr.arpa udp
US 8.8.8.8:53 91.75.97.149.in-addr.arpa udp
US 8.8.8.8:53 191.81.205.13.in-addr.arpa udp
US 8.8.8.8:53 205.111.43.192.in-addr.arpa udp
US 8.8.8.8:53 195.205.251.213.in-addr.arpa udp
US 8.8.8.8:53 34.217.152.86.in-addr.arpa udp
US 8.8.8.8:53 125.251.158.31.in-addr.arpa udp
US 8.8.8.8:53 232.220.28.37.in-addr.arpa udp
US 8.8.8.8:53 238.55.104.24.in-addr.arpa udp
US 8.8.8.8:53 181.77.96.214.in-addr.arpa udp
US 8.8.8.8:53 167.192.99.119.in-addr.arpa udp
US 8.8.8.8:53 240.45.152.240.in-addr.arpa udp
US 8.8.8.8:53 3.222.236.108.in-addr.arpa udp
US 8.8.8.8:53 67.66.60.123.in-addr.arpa udp

Files

memory/1280-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\nude hidden (Jade).mpeg.exe

MD5 b8afe33aba4aae0d3f8fc6caa63d7fbf
SHA1 1f472bd95120ed7313b36f08d125621cd8ab0e8c
SHA256 788a7948afa5826ce6584212669f52279b29620d24c677cddbaae22463694ad1
SHA512 f2e20dc32ad8368d1423fbaa463aba86b400b21a69697878362a41d03355a5ee9601a89611d50c1a7fcc2a981bd8cec0d44df80edb2d50c2332e987a463f7ce9

memory/1280-8-0x0000000001EB0000-0x0000000001ED9000-memory.dmp

memory/2136-9-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2136-48-0x00000000047C0000-0x00000000047E9000-memory.dmp

memory/1760-49-0x0000000000400000-0x0000000000429000-memory.dmp

memory/3064-50-0x0000000000400000-0x0000000000429000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:38

Reported

2024-04-07 19:41

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\horse public girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese cum lesbian lesbian cock (Anniston,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\horse girls feet mature (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gay full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\russian handjob xxx several models feet beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black nude beast catfight mature (Ashley,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling full movie feet bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\xxx catfight hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\gay lesbian cock latex (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish cum lingerie licking hole bedroom (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\xxx [free] glans .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\hardcore licking cock circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish action beast hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Google\Temp\danish cum lingerie full movie ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lesbian several models pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\trambling hidden (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian nude bukkake hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\russian cum lesbian hot (!) hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\american animal horse licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Common Files\microsoft shared\xxx hidden feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\fucking full movie boots .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\lingerie masturbation femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\gay [milf] (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{1FAC69E2-6A78-4418-8957-20DE7094BB95}\EDGEMITMP_86547.tmp\bukkake girls cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian beastiality hardcore [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\dotnet\shared\trambling big swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\italian fetish gay sleeping young .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian kicking beast lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\beast [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\black gang bang horse girls pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\asian beast [milf] redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\german fucking hot (!) hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\norwegian gay girls glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\blowjob [free] (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SoftwareDistribution\Download\indian kicking trambling [milf] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\norwegian bukkake hot (!) (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\horse xxx uncut swallow (Anniston,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\fetish gay [milf] cock .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\cumshot lesbian big (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\porn horse masturbation traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\japanese cumshot trambling hot (!) titts .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\african xxx [bangbus] feet upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\security\templates\swedish kicking blowjob [bangbus] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\beast big titts stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\danish gang bang beast hot (!) girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\action xxx public ejaculation (Christine,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\malaysia horse sleeping hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\gay several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\russian kicking sperm uncut hole .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\british lesbian full movie hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\german beast [free] glans ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\asian sperm licking circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\porn fucking big YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish handjob lingerie hidden (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\fucking lesbian cock .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\malaysia xxx sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\black action beast lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\bukkake hot (!) leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\chinese trambling big 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\animal trambling hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\temp\swedish fetish blowjob hot (!) cock redhair (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\black handjob gay several models hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\american gang bang hardcore girls boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\canadian xxx licking sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\german sperm [milf] (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\black nude fucking big feet pregnant (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american handjob xxx voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\tyrkish cumshot horse uncut hole boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cum blowjob big titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\african fucking [bangbus] hole mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\italian porn lesbian hidden (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\french trambling public (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\gang bang lesbian public cock hotel (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\british trambling voyeur swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\american nude xxx [bangbus] shower (Britney,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\horse fucking full movie (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\norwegian fucking licking circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\malaysia sperm [bangbus] Ôï .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\french xxx girls feet swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\nude gay hidden (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese fetish bukkake full movie glans .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\danish beastiality blowjob public .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\sperm several models cock beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\nude xxx [bangbus] cock upskirt (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\nude gay big (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\swedish porn horse catfight hole balls (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\british gay masturbation latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\spanish blowjob voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\norwegian horse several models glans .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish fetish lesbian hidden glans hotel (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\assembly\tmp\black handjob blowjob hot (!) blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\horse several models cock .rar.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\indian beastiality lesbian masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1592 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1592 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1592 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1592 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1592 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1592 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1416 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1416 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe
PID 1416 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

Processes

C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe

"C:\Users\Admin\AppData\Local\Temp\29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4100 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
DE 142.250.186.170:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 170.186.250.142.in-addr.arpa udp

Files

memory/1592-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian kicking beast lesbian .avi.exe

MD5 0cf8f6a5a6b94aee9977144bfb646de3
SHA1 5ec0a382a6d295446f2477d9e664d66bba35d953
SHA256 bab7aa782318d279745474ed230dd91ee6b4b1556498e90511800b8581464fa1
SHA512 e8b904cb5669da34ac3385d54ce9fc3e241471f202a4d1b32e7311dd1dc47e67010fb0b98942fde7f20aece6ec4b497cc9cc8083d6a32138490a135f0bdecb37

memory/1416-11-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4484-28-0x0000000000400000-0x0000000000429000-memory.dmp

memory/3968-29-0x0000000000400000-0x0000000000429000-memory.dmp