Malware Analysis Report

2024-11-15 06:07

Sample ID: 240407-yjczjadb75
Target: 2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4
SHA256: 2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4
Tags: upx persistence spyware stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4

Threat Level: Known bad

The file 2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-07 19:48

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-07 19:48
Reported: 2024-04-07 19:51
Platform: win7-20240221-en
Max time kernel: 149s
Max time network: 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A (5 identical rows)

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A (8 identical rows)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (8 identical rows)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american kicking fucking voyeur feet penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\blowjob [free] lady (Kathrin,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\IME\shared\xxx hot (!) sm .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese kicking trambling voyeur titts .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\horse [bangbus] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\tyrkish horse sperm full movie cock (Anniston,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\System32\DriverStore\Temp\danish kicking blowjob uncut titts fishy (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\cum sperm public feet bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\IME\shared\danish fetish horse big titts mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\fucking several models balls .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\indian nude lingerie catfight (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese cum xxx [milf] penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Windows Journal\Templates\swedish cum sperm catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian lesbian titts blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\tyrkish cumshot hardcore [free] (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\black horse fucking catfight hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american animal hardcore hot (!) balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Google\Temp\japanese handjob sperm public penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish kicking sperm big bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\brasilian action lingerie lesbian mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\DVD Maker\Shared\lingerie hidden (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\sperm [free] stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian nude hardcore lesbian feet .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\blowjob [free] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie uncut (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\indian cumshot blowjob full movie hole hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\german beast voyeur (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\chinese fucking hot (!) feet mature .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\cumshot hardcore several models (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\bukkake [milf] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse [bangbus] sm .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\german fucking several models glans wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\german beast full movie titts .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\action blowjob hot (!) cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\kicking gay hot (!) wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\sperm voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\british fucking lesbian feet circumcision (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black beastiality lesbian catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\xxx lesbian glans YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\horse hardcore catfight feet redhair (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\swedish nude trambling lesbian upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\Temp\indian animal fucking several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\brasilian fetish gay licking granny .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\cumshot trambling catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\african lingerie public (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese cum lingerie [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\tyrkish action hardcore public cock beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\tyrkish action blowjob catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\lingerie hidden girly .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\british bukkake licking pregnant (Gina,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\sperm hidden cock ash (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\tyrkish fetish hardcore [free] stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\asian horse lesbian femdom (Ashley,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\action beast [bangbus] (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse public glans .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SoftwareDistribution\Download\tyrkish fetish hardcore sleeping hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\hardcore public circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast catfight (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\british lingerie licking blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\bukkake [bangbus] feet ejaculation (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\temp\tyrkish porn gay [milf] cock granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\beast voyeur YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\danish beastiality lesbian [milf] titts gorgeoushorny (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\blowjob big swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian beastiality hardcore girls titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\tyrkish handjob fucking [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\handjob sperm [milf] hole .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\norwegian hardcore lesbian hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\gang bang lingerie hot (!) hole leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\brasilian cum horse big hole YEâPSè& (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\canadian xxx girls titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\british horse [free] traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\InstallTemp\indian fetish trambling hidden mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\african trambling licking black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\french bukkake [milf] glans young (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\german sperm hidden hole ìï (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\security\templates\swedish gang bang xxx uncut (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\blowjob several models titts gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\indian kicking hardcore several models .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\hardcore several models hole shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\lesbian masturbation feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\canadian lingerie uncut cock mature (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\french horse uncut ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\danish animal blowjob full movie fishy (Jenna,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\assembly\tmp\russian beastiality bukkake [free] stockings (Ashley,Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\japanese cum trambling hot (!) hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\chinese hardcore big glans (Sonja,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\malaysia trambling [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A (48 identical rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2252 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe
(4 identical rows)
PID 2716 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe
(4 identical rows)
Process 2252 writes into 2716, and 2716 in turn writes into 2632. All three are instances of the same image, which matches the three entries under Processes and the three PIDs in the memory-dump names under Files (2252, 2716, 2632).

Processes

C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe

"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe

"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe

"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 111.236.141.44.in-addr.arpa udp
US 8.8.8.8:53 165.172.181.39.in-addr.arpa udp
US 8.8.8.8:53 213.48.101.77.in-addr.arpa udp
US 8.8.8.8:53 46.54.132.31.in-addr.arpa udp
US 8.8.8.8:53 109.55.112.157.in-addr.arpa udp
US 8.8.8.8:53 182.215.217.49.in-addr.arpa udp
US 8.8.8.8:53 27.63.198.167.in-addr.arpa udp
US 8.8.8.8:53 111.63.116.50.in-addr.arpa udp
US 8.8.8.8:53 58.48.212.32.in-addr.arpa udp
US 8.8.8.8:53 125.207.205.43.in-addr.arpa udp
US 8.8.8.8:53 94.124.228.168.in-addr.arpa udp
US 8.8.8.8:53 141.128.15.110.in-addr.arpa udp
US 8.8.8.8:53 231.154.234.112.in-addr.arpa udp
US 8.8.8.8:53 225.112.205.251.in-addr.arpa udp
US 8.8.8.8:53 231.65.218.151.in-addr.arpa udp
US 8.8.8.8:53 181.158.120.158.in-addr.arpa udp
US 8.8.8.8:53 193.225.166.154.in-addr.arpa udp
US 8.8.8.8:53 76.213.81.98.in-addr.arpa udp
US 8.8.8.8:53 195.164.38.220.in-addr.arpa udp
US 8.8.8.8:53 63.188.158.31.in-addr.arpa udp
US 8.8.8.8:53 152.154.136.92.in-addr.arpa udp
US 8.8.8.8:53 11.111.15.217.in-addr.arpa udp
US 8.8.8.8:53 83.181.248.24.in-addr.arpa udp
US 8.8.8.8:53 42.246.198.112.in-addr.arpa udp
US 8.8.8.8:53 15.255.206.220.in-addr.arpa udp
US 8.8.8.8:53 148.19.15.255.in-addr.arpa udp
US 8.8.8.8:53 244.56.36.52.in-addr.arpa udp
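
The Network table records only reverse (PTR) lookups sent to 8.8.8.8; no connection to the looked-up hosts appears. Because in-addr.arpa names carry the octets in reverse order, the addresses the sample actually held must be recovered before they are used as pivots. The following is an added example, not part of the sandbox report or the sample: it flips the 27 query names above back into forward addresses and buckets them, which shows that two of them (251.205.112.225 and 255.15.19.148) fall in the reserved 240.0.0.0/4 range and are not meaningful lookups. The RFC 1918 and 240.0.0.0/4 classification is this example's own; the PTR names are copied from the table.

```python
"""Recover the forward IPv4 addresses behind the PTR queries in the Network table.

Added example, not part of the sandbox report: the sample asked 8.8.8.8 for
reverse (in-addr.arpa) records, so the octets in each query name are in reverse
order and must be flipped back before the addresses are used as pivots.
"""
import ipaddress
import re
from collections import Counter

# PTR query names copied from the Network table above (behavioral1, all UDP to 8.8.8.8:53).
PTR_QUERIES = [
    "111.236.141.44.in-addr.arpa", "165.172.181.39.in-addr.arpa",
    "213.48.101.77.in-addr.arpa", "46.54.132.31.in-addr.arpa",
    "109.55.112.157.in-addr.arpa", "182.215.217.49.in-addr.arpa",
    "27.63.198.167.in-addr.arpa", "111.63.116.50.in-addr.arpa",
    "58.48.212.32.in-addr.arpa", "125.207.205.43.in-addr.arpa",
    "94.124.228.168.in-addr.arpa", "141.128.15.110.in-addr.arpa",
    "231.154.234.112.in-addr.arpa", "225.112.205.251.in-addr.arpa",
    "231.65.218.151.in-addr.arpa", "181.158.120.158.in-addr.arpa",
    "193.225.166.154.in-addr.arpa", "76.213.81.98.in-addr.arpa",
    "195.164.38.220.in-addr.arpa", "63.188.158.31.in-addr.arpa",
    "152.154.136.92.in-addr.arpa", "11.111.15.217.in-addr.arpa",
    "83.181.248.24.in-addr.arpa", "42.246.198.112.in-addr.arpa",
    "15.255.206.220.in-addr.arpa", "148.19.15.255.in-addr.arpa",
    "244.56.36.52.in-addr.arpa",
]

_PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE
)
RESERVED_240_4 = ipaddress.ip_network("240.0.0.0/4")   # reserved, never routed on the Internet
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ptr_to_ip(name: str) -> str:
    """'111.236.141.44.in-addr.arpa' -> '44.141.236.111'; raises ValueError for non-PTR names."""
    m = _PTR_RE.match(name.strip())
    if not m:
        raise ValueError(f"not an IPv4 PTR name: {name!r}")
    # IPv4Address() rejects octets above 255, so a garbled query name fails loudly here.
    return str(ipaddress.IPv4Address(".".join(reversed(m.groups()))))


def classify(ip: str) -> str:
    """Bucket an address so non-routable pivots are not sent to threat-intel lookups."""
    addr = ipaddress.IPv4Address(ip)
    if addr in RESERVED_240_4:
        return "reserved"
    if any(addr in net for net in RFC1918):
        return "private"
    return "public"


def summarize(names):
    """Return the recovered addresses plus a count per class."""
    ips = [ptr_to_ip(n) for n in names]
    return {"ips": ips, "classes": dict(Counter(classify(ip) for ip in ips))}


if __name__ == "__main__":
    result = summarize(PTR_QUERIES)
    for ip in result["ips"]:
        print(f"{ip:<16} {classify(ip)}")
    print(result["classes"])
```

Only the 25 public addresses are worth enriching; a PTR query shows that the sample had an address in hand, not that it reached it, so treat these as weak pivots until a forward connection is seen.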

Files

memory/2252-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian lesbian titts blondie .rar.exe

MD5 1bdc6fc0125ea32c895e8ffa2488efa8
SHA1 e5b58ae54176607aaa20b8d3324a465da66f3e88
SHA256 be74533d838ec5d9d747b84706f1aa68fb2c105ad42c5d5c7c5f3a43c28d218a
SHA512 6734e70e41fc58a3270b8e6408d51bc9bdffd7fa3c80755404bf5cd1c068c02ad5038d92eb3098824a5bffa571aed26ad21c3fb766a2268fb116cf9dc521fbbe

memory/2716-56-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2252-55-0x0000000005490000-0x00000000054AF000-memory.dmp

memory/2632-88-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2716-87-0x0000000002100000-0x000000000211F000-memory.dmp

memory/2252-104-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2252-106-0x0000000005490000-0x00000000054AF000-memory.dmp

memory/2716-107-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2716-108-0x0000000002100000-0x000000000211F000-memory.dmp

memory/2632-110-0x0000000000400000-0x000000000041F000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:48

Reported

2024-04-07 19:51

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
(3 identical rows with no recorded detail)

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
(7 identical rows with no recorded detail)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(7 identical rows with no recorded detail)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
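
The Run value lands under SOFTWARE\WOW6432Node because the writer is a 32-bit image on a 64-bit Windows 10 (the SysWOW64 drop paths further down point the same way): the registry redirector maps a 32-bit process's write to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run into the WOW6432Node view, and Windows processes both views at logon. A hunt that only queries the native Run key misses this entry. The following is an added example, not part of the report or the sample, that reviews registry-write events for autorun persistence with the redirector node folded away. The event records are constructed in the shape of a Sysmon Event ID 13 (registry value set); the first reproduces the indicator in the table above, the other two are made-up controls, and the "Temp directory writer" and "loose executable in C:\Windows" heuristics are this example's own choices.

```python
"""Review registry value writes for autorun persistence.

Added example, not part of the report or the sample: the event records below are
constructed in the shape of Sysmon Event ID 13 (registry value set). The first one
reproduces the 'Adds Run key' indicator from the report; the other two are controls.
"""
import re
from dataclasses import dataclass, field

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

# Key suffixes compared after normalisation, so the hive prefix (HKLM, a user SID) does not matter.
AUTORUN_KEY_SUFFIXES = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
)


@dataclass
class RegistryEvent:
    process: str        # image that performed the write
    target_object: str  # key path including the value name, as the sandbox/Sysmon logs it
    details: str        # value data as logged (REG_SZ shown quoted, backslashes doubled)


@dataclass
class Finding:
    process: str
    key: str
    value_name: str
    image: str
    reasons: list = field(default_factory=list)


def normalize_key(path: str) -> str:
    """Lower-case the key and fold the WOW64 redirector node away.

    A 32-bit process on 64-bit Windows writing HKLM\\SOFTWARE\\...\\Run is redirected to
    SOFTWARE\\WOW6432Node\\...\\Run; both views are processed at logon, so a hunt must
    treat them as the same key.
    """
    return path.lower().replace("\\software\\wow6432node\\", "\\software\\")


def image_from_details(details: str) -> str:
    """Pull the executable path out of the logged value data."""
    data = details.strip().replace("\\\\", "\\")      # undo the doubled backslashes in the log
    m = re.match(r'"([^"]+)"', data)                   # quoted path, possibly followed by arguments
    return m.group(1) if m else data.split(" ", 1)[0]


def review_autorun_writes(events):
    """Return a Finding for every write to a Run/RunOnce key, with extra suspicion reasons."""
    findings = []
    for ev in events:
        raw_key, _, value_name = ev.target_object.rpartition("\\")
        key = normalize_key(raw_key)
        if not key.endswith(AUTORUN_KEY_SUFFIXES):
            continue
        image = image_from_details(ev.details)
        f = Finding(process=ev.process, key=key, value_name=value_name, image=image)
        parent = image.rsplit("\\", 1)[0].lower()
        if parent == "c:\\windows":
            f.reasons.append("autorun target is a loose executable in C:\\Windows, not a Windows or vendor subfolder")
        if "\\temp\\" in ev.process.lower():
            f.reasons.append("Run value written by a process executing from a Temp directory")
        findings.append(f)
    return findings


EVENTS = [
    # 1. The indicator from the 'Adds Run key to start application' table (behavioral2).
    RegistryEvent(
        process=SAMPLE_EXE,
        target_object=r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32",
        details=r'"C:\\Windows\\mssrv.exe"',
    ),
    # 2. Constructed benign control: a per-user autorun for an updater living in its own folder.
    RegistryEvent(
        process=r"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
        target_object=r"\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
        details=r'"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background',
    ),
    # 3. Constructed control: a value under a non-autorun key, which must be ignored.
    RegistryEvent(
        process=r"C:\Windows\explorer.exe",
        target_object=r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        details="DWORD (0x00000001)",
    ),
]

if __name__ == "__main__":
    for f in review_autorun_writes(EVENTS):
        print(f"{f.value_name} -> {f.image}  written by {f.process}")
        for r in f.reasons:
            print("   !", r)
```

Every Run/RunOnce write is returned for review; the reasons list separates the report's entry (two reasons) from the constructed benign one (none), which is the split an analyst wants when the same logic runs over a day of endpoint telemetry.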

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\french gang bang animal [free] feet shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american fucking animal [bangbus] YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\canadian horse bukkake public pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\asian xxx full movie glans .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish horse blowjob [bangbus] young .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\african hardcore horse licking glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\porn [free] vagina .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\System32\DriverStore\Temp\tyrkish bukkake hardcore girls titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\fetish beast hidden hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\brasilian porn lingerie uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\american beast blowjob full movie hole Ôï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude sleeping hole femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\american beast public hole boots (Britney,Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\asian lingerie trambling voyeur nipples hairy (Sonja,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Google\Temp\italian xxx hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\action full movie sweet (Anniston,Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\swedish blowjob bukkake hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\norwegian horse sperm girls nipples (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\dotnet\shared\spanish hardcore kicking several models redhair (Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\swedish animal masturbation hotel (Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\cum fetish voyeur titts femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\horse hidden cock redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\danish bukkake full movie vagina circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\bukkake public .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\nude cum catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian cum horse [free] gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\hardcore fucking lesbian (Sarah,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\fucking bukkake several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\handjob [free] vagina (Melissa,Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
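
Every file in the System32 and Program Files drop lists above (and in the Windows directory list that follows) is named like a video or archive (.rar, .zip, .avi, .mpeg, .mpg) with a second, real extension of .exe, and is written into directories whose names suggest shared, template, temp or download locations (Shared Gadgets, IME\SHARED, FxsTmp, Update\Download, WinSxS\Temp, ...). With Explorer's default "Hide extensions for known file types" setting such a file displays as "name .mpeg", which is the lure. The following is an added example, not part of the report or the sample, that triages a list of file paths for this pattern. The directory paths are taken from the tables; the file names are constructed stand-ins for the report's explicit ones, keeping the same "<name> .<lure>.exe" shape, and the list of share-like directory tokens is this example's own.

```python
"""Triage dropped-file paths for the '<name>.<media or archive>.exe' lure pattern.

Added example, not part of the report: directory paths come from the report's
'Drops file in ...' tables, the file names are constructed stand-ins.
"""
import re
from pathlib import PureWindowsPath

# Lure extensions that occur in this report's drop lists.
LURE_EXTENSIONS = ("rar", "zip", "avi", "mpeg", "mpg")
_LURE_RE = re.compile(r"\.(" + "|".join(LURE_EXTENSIONS) + r")\.exe$", re.IGNORECASE)

# Directory-name fragments present in the drop locations (matched case-insensitively).
SHARE_LIKE_TOKENS = ("shared", "share", "templates", "tmpl", "temp", "tmp", "download")

SAMPLE_PATHS = [
    # drop directories from the report, constructed file names
    r"C:\Windows\SysWOW64\FxsTmp\sample clip .mpeg.exe",
    r"C:\Windows\SysWOW64\IME\SHARED\sample clip .avi.exe",
    r"C:\Program Files\Windows Sidebar\Shared Gadgets\sample archive .rar.exe",
    r"C:\Program Files (x86)\Google\Update\Download\sample clip .mpeg.exe",
    r"C:\Windows\WinSxS\Temp\sample archive .zip.exe",
    # constructed controls that must not be flagged
    r"C:\Program Files\7-Zip\7z.exe",
    r"C:\Users\Admin\Videos\holiday.mpeg",
    r"C:\Windows\System32\drivers\etc\hosts",
]


def lure_extension(path: str):
    """Return the masquerade extension ('mpeg', 'rar', ...) if the file is '<x>.<lure>.exe', else None."""
    m = _LURE_RE.search(PureWindowsPath(path).name)
    return m.group(1).lower() if m else None


def displayed_name(path: str) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on: the trailing .exe is hidden."""
    name = PureWindowsPath(path).name
    return name[:-4] if name.lower().endswith(".exe") else name


def share_like_dirs(path: str):
    """Directory components whose names match the sharing/temp/template vocabulary."""
    return [part for part in PureWindowsPath(path).parent.parts
            if any(tok in part.lower() for tok in SHARE_LIKE_TOKENS)]


def triage(paths):
    """Flag every path carrying the double-extension lure and record where it landed."""
    hits = []
    for p in paths:
        ext = lure_extension(p)
        if ext is None:
            continue
        hits.append({
            "path": p,
            "lure_extension": ext,
            "displayed_as": displayed_name(p),
            "share_like_dirs": share_like_dirs(p),
        })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_PATHS):
        print(f'{hit["displayed_as"]!r:32} <- {hit["path"]}  dirs={hit["share_like_dirs"]}')
```

On a suspected host the same `lure_extension` test can be run over a recursive listing of Program Files, Windows and WinSxS; a legitimate installation has no reason to place `*.mpeg.exe` or `*.rar.exe` files in those trees, so any hit is worth pulling for hashing against the dropped-file hashes recorded under Files.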

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\spanish handjob [free] legs high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\xxx handjob [free] nipples .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\fetish hot (!) ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\xxx lingerie big femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\danish nude trambling lesbian traffic (Anniston,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\japanese action full movie (Karin,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\swedish lingerie full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\hardcore [free] glans lady (Samantha,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\nude [bangbus] legs ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\norwegian cum porn public nipples high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\porn public mistress (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\indian handjob voyeur mistress (Jenna).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\Temp\black fucking horse several models ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\gay hardcore [milf] boobs leather (Melissa,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\african bukkake public (Tatjana,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\beast [milf] sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\gay handjob [free] hole bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\nude fucking hidden YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\blowjob hidden mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\swedish lesbian cumshot catfight mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\canadian cumshot [free] penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\CbsTemp\spanish handjob cum girls leather (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\InputMethod\SHARED\xxx cum lesbian legs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\PLA\Templates\fucking porn full movie mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\indian action bukkake lesbian vagina upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\german cum full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\french blowjob uncut ash .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\porn xxx hidden upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\danish bukkake girls hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\porn sperm uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\japanese cumshot full movie blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\sperm sperm voyeur pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\indian animal porn hot (!) leather (Kathrin,Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\indian beast nude sleeping (Tatjana,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\nude big .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\xxx cum catfight titts (Sonja,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\french porn action [free] boobs (Ashley,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\canadian porn uncut (Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\chinese porn [free] nipples girly (Tatjana,Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\horse masturbation feet hairy (Britney,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\beastiality xxx full movie (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\spanish lesbian lesbian [bangbus] granny (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\brasilian gang bang animal hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\tyrkish sperm fucking licking boobs hairy (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\hardcore gang bang girls .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\german action hardcore masturbation black hairunshaved (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\canadian animal beast hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish lesbian full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\beastiality public cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\russian sperm nude girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\tyrkish xxx handjob voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\tyrkish sperm fetish lesbian vagina .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\cum gang bang uncut fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\action lesbian glans ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\african beast sperm voyeur penetration (Christine,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\black trambling sleeping leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\italian animal fucking public titts penetration (Christine,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\lesbian kicking [free] titts lady .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\fucking hot (!) wifey (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\beast lesbian voyeur boots .zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\african sperm fucking several models .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\sperm masturbation (Tatjana,Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\SoftwareDistribution\Download\lingerie [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\canadian trambling gay sleeping sm .avi.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A
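Every row above shares one shape: a media or archive file name ending in .avi.exe, .mpg.exe or .zip.exe written by the sample into C:\Windows\WinSxS, service profiles, Program Files or the GAC. The following is an added example, not part of the sandbox report, showing how an analyst would parse rows in this "File created <path> <process> N/A" format and flag that double-extension lure pattern; the extension sets, the system-path prefixes and the one benign control row (report.zip) are this example's own assumptions, the other sample rows are copied from the report.

```python
# Added example, not part of the sandbox report: parse "File created" rows in
# the format used above and flag media/archive names carrying an executable
# double extension that were dropped into system locations. The extension
# sets and the system-path prefixes are this example's own assumptions.
import re
from typing import List, NamedTuple, Optional, Tuple

# The dropper process named in every row of the table above.
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

SAMPLE_ROWS = [
    # copied from the "File created" table above
    r"File created C:\Windows\SoftwareDistribution\Download\lingerie [bangbus] .avi.exe " + DROPPER + " N/A",
    r"File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\black trambling sleeping leather .mpg.exe " + DROPPER + " N/A",
    r"File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish lesbian full movie .mpg.exe " + DROPPER + " N/A",
    # copied from the Files section of this report, written in the same row format
    r"File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude sleeping hole femdom .zip.exe " + DROPPER + " N/A",
    # constructed benign control row, not from the report
    r"File created C:\Users\Admin\Documents\report.zip " + DROPPER + " N/A",
]

# created path may contain spaces; the process path never does, so anchor on
# " <drive>:\" followed by a space-free path ending in .exe and the "N/A" target.
ROW_RE = re.compile(r"^File created (?P<created>.+?) (?P<process>[A-Za-z]:\\\S+\.exe) N/A$")

# Assumed lists: what a victim expects to open, and what Windows will execute.
LURE_INNER_EXTS = {"avi", "mpg", "mpeg", "mp4", "wmv", "zip", "rar", "7z"}
EXEC_EXTS = {"exe", "scr", "com", "pif"}
# Assumed prefixes (compared case-insensitively) where media files do not belong.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


class Created(NamedTuple):
    path: str
    process: str


def parse_row(line: str) -> Optional[Created]:
    """Split one report row into the created path and the writing process."""
    m = ROW_RE.match(line.strip())
    return Created(m.group("created"), m.group("process")) if m else None


def double_extension(path: str) -> Optional[Tuple[str, str]]:
    """Return (inner, outer) for names like 'clip.avi.exe', else None."""
    name = path.rsplit("\\", 1)[-1].lower()
    parts = name.split(".")
    if len(parts) < 3:
        return None
    inner, outer = parts[-2], parts[-1]
    return (inner, outer) if outer in EXEC_EXTS and inner in LURE_INNER_EXTS else None


def in_system_location(path: str) -> bool:
    return path.lower().startswith(SYSTEM_PREFIXES)


def triage(rows: List[str]) -> List[Tuple[str, str]]:
    """Return (created_path, reason) for each row matching the lure pattern."""
    hits = []
    for line in rows:
        rec = parse_row(line)
        if rec is None:
            continue
        ext = double_extension(rec.path)
        if ext is None:
            continue
        where = "system dir" if in_system_location(rec.path) else "user dir"
        hits.append((rec.path, f"{ext[0]}.{ext[1]} lure in {where}, written by {rec.process}"))
    return hits


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_ROWS):
        print(f"{reason}: {path}")
```

The check is deliberately on the file name and location rather than on the sample's hash, so it also catches the same lure pattern when the dropper is repacked; the control row shows that an ordinary archive in a user directory is not reported.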

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe N/A (this row appears 64 times in the report)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2856 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe
PID 2856 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe
PID 2856 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe
PID 464 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe
PID 464 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe
PID 464 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe

"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe

"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe

"C:\Users\Admin\AppData\Local\Temp\2ea327b2f0cf4ea84584990a159877486678a698d74adafb2545861d2478b3e4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 100.27.204.35.in-addr.arpa udp
US 8.8.8.8:53 28.229.159.36.in-addr.arpa udp
US 8.8.8.8:53 118.162.250.49.in-addr.arpa udp
US 8.8.8.8:53 24.239.176.187.in-addr.arpa udp
US 8.8.8.8:53 6.78.98.162.in-addr.arpa udp
US 8.8.8.8:53 36.190.140.153.in-addr.arpa udp
US 8.8.8.8:53 39.203.234.198.in-addr.arpa udp
US 8.8.8.8:53 91.35.56.249.in-addr.arpa udp
US 8.8.8.8:53 138.180.48.14.in-addr.arpa udp
US 8.8.8.8:53 107.84.87.103.in-addr.arpa udp
US 8.8.8.8:53 123.97.222.8.in-addr.arpa udp
US 8.8.8.8:53 161.149.220.14.in-addr.arpa udp
US 8.8.8.8:53 69.185.210.1.in-addr.arpa udp
US 8.8.8.8:53 233.188.210.117.in-addr.arpa udp
US 8.8.8.8:53 145.148.208.88.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 5.141.74.219.in-addr.arpa udp
US 8.8.8.8:53 19.118.68.202.in-addr.arpa udp
US 8.8.8.8:53 28.128.116.236.in-addr.arpa udp
US 8.8.8.8:53 177.45.35.215.in-addr.arpa udp
US 8.8.8.8:53 150.199.148.83.in-addr.arpa udp
US 8.8.8.8:53 88.236.211.208.in-addr.arpa udp
US 8.8.8.8:53 118.217.95.9.in-addr.arpa udp
US 8.8.8.8:53 42.146.183.53.in-addr.arpa udp
US 8.8.8.8:53 241.95.212.79.in-addr.arpa udp
US 8.8.8.8:53 38.208.244.99.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 174.108.19.216.in-addr.arpa udp
US 8.8.8.8:53 168.113.251.247.in-addr.arpa udp
US 8.8.8.8:53 45.76.126.103.in-addr.arpa udp
US 8.8.8.8:53 83.230.1.81.in-addr.arpa udp
US 8.8.8.8:53 163.14.2.88.in-addr.arpa udp
US 8.8.8.8:53 189.38.64.135.in-addr.arpa udp
US 8.8.8.8:53 190.219.193.158.in-addr.arpa udp
US 8.8.8.8:53 193.247.253.95.in-addr.arpa udp
US 8.8.8.8:53 65.59.157.24.in-addr.arpa udp
US 8.8.8.8:53 68.227.5.253.in-addr.arpa udp
US 8.8.8.8:53 191.82.139.121.in-addr.arpa udp
US 8.8.8.8:53 68.232.9.34.in-addr.arpa udp
US 8.8.8.8:53 239.126.204.30.in-addr.arpa udp
US 8.8.8.8:53 172.151.116.188.in-addr.arpa udp
US 8.8.8.8:53 214.58.205.55.in-addr.arpa udp
US 8.8.8.8:53 46.136.212.193.in-addr.arpa udp
US 8.8.8.8:53 190.90.164.233.in-addr.arpa udp
US 8.8.8.8:53 247.39.166.61.in-addr.arpa udp
US 8.8.8.8:53 117.69.119.88.in-addr.arpa udp
US 8.8.8.8:53 114.210.103.92.in-addr.arpa udp
US 8.8.8.8:53 235.65.179.232.in-addr.arpa udp
US 8.8.8.8:53 110.114.254.70.in-addr.arpa udp
US 8.8.8.8:53 48.171.108.104.in-addr.arpa udp
US 8.8.8.8:53 82.213.107.180.in-addr.arpa udp
US 8.8.8.8:53 125.118.71.192.in-addr.arpa udp
US 8.8.8.8:53 26.55.40.34.in-addr.arpa udp
US 8.8.8.8:53 24.248.122.26.in-addr.arpa udp
US 8.8.8.8:53 207.193.161.176.in-addr.arpa udp
US 8.8.8.8:53 15.177.25.164.in-addr.arpa udp
US 8.8.8.8:53 187.125.176.189.in-addr.arpa udp
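The Network table holds nothing but reverse (PTR) queries to 8.8.8.8 for 67 unrelated public addresses, with no forward lookup of any domain. Before hunting for the same behaviour in DNS logs an analyst wants the queried names turned back into addresses and a measure of how scattered they are. The following is an added example, not part of the sandbox report: the rows are copied from the table except the two marked constructed, and the /16 bucketing and the thresholds are this example's own assumptions.

```python
# Added example, not part of the sandbox report: decode the in-addr.arpa
# queries in the Network table above back into the IPv4 addresses that were
# looked up and score how scattered those addresses are. Rows are copied from
# the table except the two marked constructed; thresholds are assumptions.
import ipaddress
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

SAMPLE_ROWS = [
    "US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp",
    "US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp",
    "US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp",
    "US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp",
    "US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp",
    "US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp",
    "US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp",
    "US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp",
    "US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp",
    "US 8.8.8.8:53 100.27.204.35.in-addr.arpa udp",
    "US 8.8.8.8:53 28.229.159.36.in-addr.arpa udp",
    "US 8.8.8.8:53 118.162.250.49.in-addr.arpa udp",
    "US 8.8.8.8:53 1.1.168.192.in-addr.arpa udp",  # constructed: private address, ignored
    "US 8.8.8.8:53 example.net udp",               # constructed: forward lookup, ignored
]


class NetRow(NamedTuple):
    country: str
    destination: str
    domain: str
    proto: str


def parse_network_row(line: str) -> Optional[NetRow]:
    """One 'Country Destination Domain Proto' row from the Network table."""
    parts = line.split()
    return NetRow(*parts) if len(parts) == 4 else None


def ptr_to_ip(name: str) -> Optional[ipaddress.IPv4Address]:
    """'154.239.44.20.in-addr.arpa' -> 20.44.239.154: PTR labels are reversed."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ValueError:
        return None


def summarize_ptr_sweep(rows: List[str], min_lookups: int = 20,
                        min_spread: float = 0.8) -> Dict[str, object]:
    """Count PTR lookups of public addresses and the distinct /16s they span.

    A high lookup count whose /16 spread is close to 1.0 means the host is
    asking about many unrelated networks rather than a few servers it talks to.
    """
    looked_up: List[ipaddress.IPv4Address] = []
    for line in rows:
        rec = parse_network_row(line)
        if rec is None:
            continue
        ip = ptr_to_ip(rec.domain)
        if ip is None or not ip.is_global:  # skip private/reserved space
            continue
        looked_up.append(ip)
    by_16 = Counter(".".join(str(ip).split(".")[:2]) for ip in looked_up)
    spread = len(by_16) / len(looked_up) if looked_up else 0.0
    return {
        "ptr_lookups": len(looked_up),
        "distinct_slash16": len(by_16),
        "spread": round(spread, 2),
        "sweep": len(looked_up) >= min_lookups and spread >= min_spread,
    }


if __name__ == "__main__":
    print(summarize_ptr_sweep(SAMPLE_ROWS, min_lookups=10))
```

Run against the full 67-row table the default threshold of 20 is met; the 12-row sample here needs `min_lookups=10` to trigger. The resolver address is not used as a signal, since 8.8.8.8 is simply the sandbox's configured DNS server.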

Files

memory/2856-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude sleeping hole femdom .zip.exe

MD5 751298769b06dddaa0a5dbc169015d6d
SHA1 491b94310c541a6fe4cd5dd40382ead4a21873af
SHA256 b87d2fc851dd3844682a0cbd50282ffbe7e94c4b1076d8dbd42952435068dc6a
SHA512 01bf7f4665e334328c541e32a82f1edc3f3b8c9c6ff7f443c2ca61b1049fca16cca145b0681ff65b82365b922304f61bc72a65af28363e744c1006837eaa3cb5

memory/464-19-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4864-154-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2856-193-0x0000000000400000-0x000000000041F000-memory.dmp

memory/464-194-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4864-195-0x0000000000400000-0x000000000041F000-memory.dmp