Malware Analysis Report

2024-11-15 06:06

Sample ID 240407-ycmv6ach67
Target 29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d
SHA256 29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d
Tags
upx persistence spyware stealer
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d

Threat Level: Known bad

The file 29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:38

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:38

Reported

2024-04-07 19:41

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\tyrkish beastiality horse several models pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay hidden stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian gang bang lesbian licking hole .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\IME\shared\danish porn blowjob sleeping hole circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese kicking hardcore girls hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian porn bukkake [milf] girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\indian beastiality gay hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\IME\shared\xxx hot (!) (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\italian animal horse [bangbus] granny .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\blowjob catfight feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\italian gang bang sperm voyeur (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\trambling [bangbus] sweet (Sonja,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\gay sleeping castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Google\Temp\american fetish sperm public feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\sperm [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\blowjob hidden hole .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\black nude blowjob lesbian hole .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\japanese porn bukkake hot (!) ejaculation (Sonja,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\DVD Maker\Shared\tyrkish porn gay uncut glans swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Windows Journal\Templates\fucking [milf] feet .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\brasilian porn xxx voyeur glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie hidden stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\indian fetish trambling full movie (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lingerie voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\american kicking horse [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\fucking hot (!) girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\assembly\temp\swedish action beast voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\PLA\Templates\brasilian cum sperm hot (!) titts wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\french beast masturbation fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\british fucking several models latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\british hardcore licking femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\japanese fetish sperm hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\horse masturbation hole castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\black porn gay [free] titts pregnant (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american action gay uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\danish nude trambling catfight YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\russian porn hardcore public feet young .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\german lingerie hot (!) feet young (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\asian gay voyeur circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\nude xxx several models glans .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\asian blowjob [free] 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\lingerie sleeping stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\tyrkish gang bang blowjob masturbation traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\xxx catfight femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\swedish horse hardcore uncut cock gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\asian fucking [bangbus] ash .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\nude fucking hot (!) feet shower .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm lesbian femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\bukkake [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\kicking xxx public (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\russian cum fucking voyeur titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\russian cumshot trambling masturbation traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\porn horse public girly .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian cumshot horse girls beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\trambling public feet granny (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\xxx public titts redhair (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\gay voyeur hole sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\italian action trambling hidden feet bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\asian fucking big sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\american cum gay several models young (Sonja,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian cumshot lesbian [milf] hole boots .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\black animal trambling hot (!) titts .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\action blowjob lesbian titts wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\InstallTemp\asian beast full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\kicking hardcore licking high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\russian kicking fucking public hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\british lingerie full movie hole wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\lingerie several models titts shoes (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\action hardcore big cock .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\chinese lingerie [milf] titts femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\american gang bang lingerie public (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\horse fucking public feet bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\german gay [milf] latex (Gina,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\british bukkake sleeping shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\spanish hardcore several models ejaculation (Gina,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\spanish hardcore full movie feet lady .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\german hardcore sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish nude bukkake sleeping 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\black action trambling hot (!) hole (Christine,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\porn bukkake [bangbus] glans (Christine,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\fucking big titts blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\blowjob public gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\french xxx licking pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\african trambling uncut (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\Downloaded Program Files\swedish action beast girls balls .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\american handjob trambling girls bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\british lingerie voyeur feet (Britney,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\german bukkake [milf] feet .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian gang bang hardcore uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2000 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 2928 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

Processes

C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

Network

Country Destination Domain Proto

Files

memory/2000-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\trambling [bangbus] sweet (Sonja,Curtney).rar.exe

MD5 fd8b1b7d5c4afbb241a1213f94c0ed85
SHA1 c79ef0f6ddca54c7abdabb73b0776afaba5b7795
SHA256 bc00ee832a51c57a8736b985f0ea6dbbcf1b53a59320c023240736903568c422
SHA512 7b6e5a89c88119e55f127849e5eed0376fb51f943fe4cf727732f536540ba444f6753407ead4f92d965d24e06f4b3410f21be6c0fc562f20c2b93759459ff5c4

memory/2928-55-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2000-53-0x00000000048D0000-0x00000000048F0000-memory.dmp

memory/2928-90-0x0000000004CD0000-0x0000000004CF0000-memory.dmp

memory/2436-91-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2000-108-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2000-110-0x00000000048D0000-0x00000000048F0000-memory.dmp

memory/2928-111-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2928-112-0x0000000004CD0000-0x0000000004CF0000-memory.dmp

memory/2436-113-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:38

Reported

2024-04-07 19:41

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\american blowjob big titts wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian gang bang cum girls mistress (Ashley,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\norwegian animal fetish sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\canadian sperm lesbian 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\cum catfight cock YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\System32\DriverStore\Temp\horse [free] vagina .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\spanish fucking licking traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\beastiality cumshot lesbian balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\cum kicking several models feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\beast animal lesbian swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\african sperm beast lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\black gang bang several models boobs mature .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish sperm masturbation castration .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\hardcore cum girls wifey (Sylvia,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\asian horse [bangbus] sm (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\dotnet\shared\german xxx gay big gorgeoushorny (Ashley).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\nude several models .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\spanish handjob masturbation sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\black beast girls vagina hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\malaysia cum xxx hidden penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese horse big .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black fucking licking fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\british action xxx hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse catfight castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\canadian lingerie sleeping black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\asian gang bang girls .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\bukkake horse full movie glans gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian beastiality fetish [milf] mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Program Files (x86)\Google\Temp\american animal blowjob full movie (Ashley).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\spanish cum action several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\italian handjob lesbian granny (Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\cumshot lesbian voyeur hole fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\japanese trambling fetish public fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\horse handjob big .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\Downloaded Program Files\nude full movie gorgeoushorny (Samantha,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\french action masturbation Ôï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\handjob fetish hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\trambling fucking hidden hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\spanish gang bang full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\blowjob hot (!) glans fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\kicking masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\japanese gay trambling [milf] ash .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\french lingerie lesbian nipples penetration (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\canadian horse bukkake hot (!) lady (Sonja,Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\canadian kicking fucking full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\british cumshot horse catfight traffic (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\indian cumshot gang bang big .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\bukkake full movie ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse horse uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\bukkake [free] titts (Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\black beast [bangbus] latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\brasilian beast licking Ôï .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\tyrkish gay [milf] feet wifey (Sylvia,Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\malaysia porn full movie Ôï (Curtney,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\french trambling lesbian legs stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\porn nude lesbian boobs 40+ (Melissa,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\trambling sleeping penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\tyrkish nude horse several models legs boots .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\cum beast hidden wifey (Tatjana,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\black horse xxx [bangbus] boots .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\american horse uncut balls .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\beast xxx [milf] ash gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\italian fucking sleeping nipples (Anniston,Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\security\templates\fucking blowjob masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\chinese animal lesbian [free] nipples .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\animal hot (!) (Melissa,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\xxx beastiality [bangbus] shoes (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\spanish kicking big high heels (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\italian handjob lingerie uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\american action porn lesbian mistress (Ashley).rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\horse [milf] legs .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\tyrkish hardcore lesbian sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\indian gay hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\malaysia hardcore uncut gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\action several models upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\animal hidden hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\french action licking 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\trambling masturbation mature (Britney,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\spanish porn trambling uncut feet traffic (Jenna).avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\italian hardcore xxx licking nipples hotel (Britney,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\horse [free] bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\italian cumshot kicking hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\african beast beast licking .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\french beast big boobs traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian cumshot girls granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\black porn xxx girls .avi.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\animal nude [free] girly .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\trambling beastiality girls hole .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\black beastiality xxx uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\chinese hardcore beastiality [free] traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\trambling fucking [milf] castration (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\porn gang bang full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2116 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 2116 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 2116 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 2116 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 2116 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 2116 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 4728 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 4728 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe
PID 4728 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

Processes

C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe

"C:\Users\Admin\AppData\Local\Temp\29d039f1582855309902d2a3081b59ed313089d07c759ddf67e2ccd9221bb19d.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 219.33.172.159.in-addr.arpa udp
US 8.8.8.8:53 18.138.39.53.in-addr.arpa udp
US 8.8.8.8:53 212.17.21.47.in-addr.arpa udp
US 8.8.8.8:53 21.229.149.182.in-addr.arpa udp
US 8.8.8.8:53 69.136.151.175.in-addr.arpa udp
US 8.8.8.8:53 25.227.251.251.in-addr.arpa udp
US 8.8.8.8:53 146.16.8.10.in-addr.arpa udp
US 8.8.8.8:53 129.33.203.138.in-addr.arpa udp
US 8.8.8.8:53 159.246.60.18.in-addr.arpa udp
US 8.8.8.8:53 85.47.205.122.in-addr.arpa udp
US 8.8.8.8:53 63.147.96.249.in-addr.arpa udp
US 8.8.8.8:53 32.100.167.101.in-addr.arpa udp
US 8.8.8.8:53 16.150.233.22.in-addr.arpa udp
US 8.8.8.8:53 182.221.191.115.in-addr.arpa udp
US 8.8.8.8:53 79.230.119.44.in-addr.arpa udp
US 8.8.8.8:53 118.160.221.19.in-addr.arpa udp
US 8.8.8.8:53 249.167.81.56.in-addr.arpa udp
US 8.8.8.8:53 224.93.38.129.in-addr.arpa udp
US 8.8.8.8:53 185.96.156.22.in-addr.arpa udp
US 8.8.8.8:53 175.81.154.13.in-addr.arpa udp
US 8.8.8.8:53 241.135.218.163.in-addr.arpa udp
US 8.8.8.8:53 119.83.164.66.in-addr.arpa udp
US 8.8.8.8:53 18.156.199.101.in-addr.arpa udp
US 8.8.8.8:53 26.205.79.92.in-addr.arpa udp
US 8.8.8.8:53 226.70.150.109.in-addr.arpa udp
US 8.8.8.8:53 235.124.5.42.in-addr.arpa udp
US 8.8.8.8:53 94.103.215.174.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 129.10.99.188.in-addr.arpa udp
US 8.8.8.8:53 30.185.182.63.in-addr.arpa udp
US 8.8.8.8:53 47.20.47.5.in-addr.arpa udp
US 8.8.8.8:53 30.185.193.211.in-addr.arpa udp
US 8.8.8.8:53 61.108.19.44.in-addr.arpa udp
US 8.8.8.8:53 188.61.99.206.in-addr.arpa udp
US 8.8.8.8:53 173.224.244.103.in-addr.arpa udp
US 8.8.8.8:53 207.138.121.213.in-addr.arpa udp
US 8.8.8.8:53 70.162.68.36.in-addr.arpa udp
US 8.8.8.8:53 230.186.62.201.in-addr.arpa udp
US 8.8.8.8:53 48.252.204.145.in-addr.arpa udp
US 8.8.8.8:53 225.200.183.215.in-addr.arpa udp
US 8.8.8.8:53 127.127.163.154.in-addr.arpa udp
US 8.8.8.8:53 50.160.144.107.in-addr.arpa udp
US 8.8.8.8:53 192.89.94.238.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 50.46.75.107.in-addr.arpa udp
US 8.8.8.8:53 75.60.253.36.in-addr.arpa udp
US 8.8.8.8:53 57.243.217.189.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 174.204.139.15.in-addr.arpa udp
US 8.8.8.8:53 59.48.210.57.in-addr.arpa udp
US 8.8.8.8:53 48.73.90.26.in-addr.arpa udp
US 8.8.8.8:53 213.32.179.6.in-addr.arpa udp
US 8.8.8.8:53 254.109.215.109.in-addr.arpa udp
US 8.8.8.8:53 48.127.66.159.in-addr.arpa udp
US 8.8.8.8:53 73.68.122.204.in-addr.arpa udp
US 8.8.8.8:53 116.153.49.171.in-addr.arpa udp
US 8.8.8.8:53 115.150.96.201.in-addr.arpa udp
US 8.8.8.8:53 9.74.219.234.in-addr.arpa udp
US 8.8.8.8:53 236.116.123.59.in-addr.arpa udp
US 8.8.8.8:53 234.64.129.87.in-addr.arpa udp
US 8.8.8.8:53 65.180.59.85.in-addr.arpa udp
US 8.8.8.8:53 106.230.43.212.in-addr.arpa udp
US 8.8.8.8:53 252.232.155.118.in-addr.arpa udp
US 8.8.8.8:53 22.39.141.40.in-addr.arpa udp
US 8.8.8.8:53 55.183.120.76.in-addr.arpa udp
US 8.8.8.8:53 110.3.134.249.in-addr.arpa udp
US 8.8.8.8:53 152.5.108.9.in-addr.arpa udp
US 8.8.8.8:53 76.10.194.114.in-addr.arpa udp
US 8.8.8.8:53 67.250.217.33.in-addr.arpa udp
US 8.8.8.8:53 41.113.42.227.in-addr.arpa udp
US 8.8.8.8:53 222.173.59.48.in-addr.arpa udp
US 8.8.8.8:53 66.238.109.236.in-addr.arpa udp
US 8.8.8.8:53 190.155.40.89.in-addr.arpa udp
US 8.8.8.8:53 122.169.57.169.in-addr.arpa udp
US 8.8.8.8:53 235.28.120.140.in-addr.arpa udp
US 8.8.8.8:53 156.197.193.209.in-addr.arpa udp
US 8.8.8.8:53 203.66.212.122.in-addr.arpa udp
US 8.8.8.8:53 209.198.22.169.in-addr.arpa udp
US 8.8.8.8:53 184.57.249.184.in-addr.arpa udp
US 8.8.8.8:53 27.173.189.20.in-addr.arpa udp

Files

memory/2116-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian beastiality fetish [milf] mistress .mpeg.exe

MD5 0913d5b4f59ff092bac2f8a7300a1e85
SHA1 3b8a200464c44969df09bce43537e1dc0cad273a
SHA256 0a98506d34d0e5670c406613355329f0ef93162d48e81a9ffb3f896c9a005eae
SHA512 4368d01d4920e0aa8a797f75eb9f6fbf269fb3cf121dd83d56aa5d55713b2c59b0e0fb7e9a0bb274ae75a24d5f07772696f7a4d5d4b57051b1c6f7f8b943e324

memory/4728-109-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4472-168-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1504-169-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2116-198-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4728-199-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4472-200-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1504-202-0x0000000000400000-0x0000000000420000-memory.dmp