Malware Analysis Report

2024-11-13 13:58

Sample ID 240407-yr6ltada9s
Target 35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4
SHA256 35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4

Threat Level: Known bad

The file 35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:02

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:02

Reported

2024-04-07 20:04

Platform

win7-20240215-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\shared\swedish horse handjob girls hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\norwegian porn blowjob lesbian fishy (Liz,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse fetish lesbian blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\System32\DriverStore\Temp\british sperm cum [milf] glans girly .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\nude fetish licking (Gina,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese horse nude voyeur titts hairy (Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\cum big vagina .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\IME\shared\beastiality sperm hidden glans .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\american sperm lesbian [bangbus] bondage (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian action horse sleeping boobs lady .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Journal\Templates\african bukkake [milf] boobs ash (Anniston,Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\blowjob blowjob voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Google\Temp\tyrkish horse sperm hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\italian animal several models nipples pregnant (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american handjob xxx public (Kathrin,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\DVD Maker\Shared\indian hardcore several models .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\handjob catfight hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\gang bang girls boots (Sarah,Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\french blowjob [free] ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\swedish bukkake girls young .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx voyeur cock circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\malaysia sperm action [milf] traffic (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\gay xxx voyeur wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\brasilian bukkake several models (Jenna,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cum horse girls .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\security\templates\fetish public stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\canadian gay beast hidden blondie (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast handjob [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\PLA\Templates\spanish horse lesbian penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\kicking gay lesbian sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\malaysia xxx several models leather .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\chinese gang bang sleeping sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\norwegian cumshot lesbian 50+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\canadian horse sperm voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\russian nude masturbation glans boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\japanese beast xxx full movie 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\danish porn fetish hot (!) (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\german gang bang animal girls .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\cumshot uncut boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\german beastiality [bangbus] swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\malaysia animal [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\horse full movie latex (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\norwegian trambling fucking voyeur beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\asian gang bang full movie mature .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\canadian blowjob handjob girls glans femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\american animal [free] glans shower .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\nude masturbation (Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\black trambling lesbian vagina .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\american handjob horse public (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish fucking [milf] vagina YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\canadian beast action several models ash redhair .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SoftwareDistribution\Download\kicking handjob masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\tyrkish action gang bang masturbation (Ashley,Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\beastiality horse girls cock black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\asian cumshot horse catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\fucking voyeur nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\indian trambling fetish several models boobs (Sarah,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\InstallTemp\fetish horse hot (!) black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\lesbian beastiality several models black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\cumshot beast public ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\handjob xxx sleeping vagina high heels (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\horse trambling hidden glans mature .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\danish horse xxx [free] (Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\african handjob bukkake hot (!) bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lesbian horse full movie legs sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\cumshot girls fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\gang bang nude public granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\beast fucking several models balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\african handjob [bangbus] legs .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\tmp\fucking nude hidden ìï (Jenna).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\american trambling lingerie lesbian redhair (Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\italian gay [free] shower .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\kicking xxx [free] ash .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\indian horse fetish licking girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\swedish xxx lingerie hot (!) beautyfull (Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\action hardcore [bangbus] feet .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\lesbian full movie circumcision (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\cum licking glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\american action sleeping ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\russian kicking porn lesbian girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\tyrkish lingerie public (Janette,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\kicking lesbian catfight hotel (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\norwegian blowjob hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\danish cumshot xxx hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\japanese gang bang girls cock granny (Anniston,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\spanish fetish kicking catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\lingerie girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\asian blowjob fetish voyeur ash (Sonja,Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1304 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe
PID 1304 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe
PID 1304 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe
PID 1304 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe
PID 2568 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe
PID 2568 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe
PID 2568 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe
PID 2568 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe

"C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe"

C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe

"C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe"

C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe

"C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.202.136.237.in-addr.arpa udp
US 8.8.8.8:53 37.55.66.161.in-addr.arpa udp
US 8.8.8.8:53 62.228.4.117.in-addr.arpa udp
US 8.8.8.8:53 130.106.247.141.in-addr.arpa udp
US 8.8.8.8:53 211.157.115.42.in-addr.arpa udp
US 8.8.8.8:53 51.176.97.212.in-addr.arpa udp
US 8.8.8.8:53 116.202.79.149.in-addr.arpa udp
US 8.8.8.8:53 102.64.94.106.in-addr.arpa udp
US 8.8.8.8:53 230.95.151.137.in-addr.arpa udp
US 8.8.8.8:53 8.101.41.136.in-addr.arpa udp
US 8.8.8.8:53 89.46.85.216.in-addr.arpa udp
US 8.8.8.8:53 170.211.121.45.in-addr.arpa udp
US 8.8.8.8:53 137.79.5.231.in-addr.arpa udp
US 8.8.8.8:53 26.246.195.98.in-addr.arpa udp
US 8.8.8.8:53 45.76.218.172.in-addr.arpa udp
US 8.8.8.8:53 57.137.28.196.in-addr.arpa udp
US 8.8.8.8:53 11.34.227.164.in-addr.arpa udp
US 8.8.8.8:53 35.100.171.201.in-addr.arpa udp
US 8.8.8.8:53 218.107.50.184.in-addr.arpa udp
US 8.8.8.8:53 13.144.37.86.in-addr.arpa udp
US 8.8.8.8:53 100.174.131.93.in-addr.arpa udp
US 8.8.8.8:53 244.182.178.236.in-addr.arpa udp
US 8.8.8.8:53 68.230.140.144.in-addr.arpa udp
US 8.8.8.8:53 163.105.92.110.in-addr.arpa udp
US 8.8.8.8:53 110.203.65.19.in-addr.arpa udp
US 8.8.8.8:53 23.54.183.1.in-addr.arpa udp
US 8.8.8.8:53 123.163.94.224.in-addr.arpa udp

Files

memory/1304-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish bukkake girls young .zip.exe

MD5 fd492c44177b112b030f84fee4b0f1d1
SHA1 806126f10c7ee4a7e3c86f755d68d0b650ceac03
SHA256 e67a006f0d56e7fb65c84d249d78cd75bb8692e5dd4f04697e42cac4f12bc1d3
SHA512 874b46504bf581aad958a435b95ca9ae70f9affdef723c5622a0143e531ea5ebd6cf9eac7c411a68e3ebe0252a79da93efd7075bfef368020056784c08f1613f

memory/1304-64-0x0000000004F70000-0x0000000004F8D000-memory.dmp

memory/2568-65-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2572-88-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-90-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2568-93-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-103-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-104-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-107-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-110-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-113-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-118-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-121-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-124-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-127-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-130-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-133-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-136-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-139-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1304-142-0x0000000000400000-0x000000000041D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:02

Reported

2024-04-07 20:04

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
(17 identical rows)

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
(19 identical rows)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
(19 identical rows)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\american fucking uncut girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\spanish bukkake sleeping lady (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\japanese beastiality girls boots .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\cum handjob several models traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\chinese sperm lingerie girls swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\System32\DriverStore\Temp\french kicking voyeur vagina .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\french fetish beastiality licking legs shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish sperm gay hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian fetish licking cock YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\sperm [free] mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\malaysia bukkake lesbian nipples .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian trambling masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\xxx voyeur cock circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\japanese fucking gay hot (!) femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish fetish beastiality lesbian ,Ó (Kathrin,Jenna).zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\british lingerie [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\dotnet\shared\indian hardcore several models .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Google\Temp\swedish sperm xxx public penetration .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\african bukkake [milf] boobs ash (Anniston,Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob blowjob voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american handjob xxx public (Kathrin,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\chinese beast hidden feet (Sonja,Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\porn porn [free] sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\french blowjob [free] ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish bukkake girls young .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish horse sperm hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\handjob catfight hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\italian animal several models nipples pregnant (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\fucking animal catfight nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\action hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\nude public feet bedroom (Tatjana,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\lesbian hidden bedroom (Gina,Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\spanish porn hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\swedish lingerie full movie hole wifey (Jade,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\brasilian handjob licking .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\brasilian porn kicking sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\asian sperm gay girls lady .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\malaysia lingerie hardcore lesbian gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\lingerie beastiality several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\action cumshot girls .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\indian horse masturbation feet bondage (Melissa,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\asian porn cum big penetration (Liz,Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\cumshot lesbian licking titts blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\kicking beastiality sleeping hole bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish gang bang licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\swedish handjob [milf] (Jenna,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\chinese kicking bukkake licking femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\lesbian fucking full movie hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\cum lesbian hole gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\beastiality [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\gay xxx hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\swedish beast masturbation wifey (Ashley).rar.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\japanese gang bang xxx several models titts traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\fetish fucking [milf] feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\action [milf] granny (Melissa,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\lingerie nude big .zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\russian handjob horse licking (Ashley).zip.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\spanish fucking sleeping nipples traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 100 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe
PID 2368 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe

"C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe"

C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe

"C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe"

C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe

"C:\Users\Admin\AppData\Local\Temp\35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4.exe"

Network

Country Destination Domain Proto

Files

memory/100-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish bukkake girls young .zip.exe

MD5 fd492c44177b112b030f84fee4b0f1d1
SHA1 806126f10c7ee4a7e3c86f755d68d0b650ceac03
SHA256 e67a006f0d56e7fb65c84d249d78cd75bb8692e5dd4f04697e42cac4f12bc1d3
SHA512 874b46504bf581aad958a435b95ca9ae70f9affdef723c5622a0143e531ea5ebd6cf9eac7c411a68e3ebe0252a79da93efd7075bfef368020056784c08f1613f