Malware Analysis Report

2024-11-13 13:58

Sample ID 240407-yr9ngada9v
Target 362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11
SHA256 362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11
Tags
persistence spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11

Threat Level: Known bad

The file 362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

Checks computer location settings

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:02

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:02

Reported

2024-04-07 20:04

Platform

win7-20231129-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A (17 identical rows, no further detail reported)

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A (21 identical rows, no further detail reported)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (21 identical rows, no further detail reported)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\brasilian lingerie catfight nipples wifey (Jenna,Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\IME\shared\italian handjob hot (!) latex (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\beast [free] mature (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\canadian bukkake sleeping Ôë .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\african nude catfight vagina hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\nude hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\IME\shared\gang bang animal sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian kicking girls balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish horse lesbian hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Temp\blowjob trambling [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\swedish fucking fetish full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\asian horse masturbation mature .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\spanish gang bang full movie femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\gang bang lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\fucking lesbian uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\gay handjob [free] boobs pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\kicking full movie cock .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\canadian handjob lesbian legs hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\african trambling girls (Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american gang bang [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\canadian nude nude girls pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Windows Journal\Templates\bukkake big titts hairy (Curtney,Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\blowjob uncut sm (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\DVD Maker\Shared\fetish hardcore [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\russian horse [free] girly .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\norwegian lesbian girls girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\hardcore several models wifey (Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\indian nude several models beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\gang bang lesbian ash girly (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\chinese action fetish catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\indian xxx [bangbus] feet mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\danish kicking handjob [bangbus] hole sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\african cum [free] redhair (Britney,Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish hardcore catfight penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\gay licking bondage (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\animal blowjob girls balls .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\russian beast big mistress (Britney,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\nude hardcore several models cock granny .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\spanish fetish xxx [milf] penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\danish xxx uncut titts ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\action bukkake masturbation feet 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\british lingerie full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\bukkake big circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\asian cum [milf] (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\nude cum [bangbus] boots (Jade,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\malaysia nude lingerie catfight redhair (Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\russian lesbian trambling uncut cock ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\british cum public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\kicking catfight wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\german xxx beast [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\indian beastiality public bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\brasilian cumshot sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\danish lesbian blowjob big .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\japanese xxx porn [bangbus] (Jade,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\african gay several models boobs beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SoftwareDistribution\Download\danish hardcore public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\canadian beastiality horse girls .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\norwegian gay several models .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\cumshot action masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\cumshot xxx [bangbus] legs .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish lesbian several models sweet (Kathrin,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\chinese nude kicking full movie swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\african hardcore lingerie uncut 50+ (Sandy,Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\hardcore lesbian boobs young (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\danish sperm [bangbus] sm .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\malaysia animal [milf] glans 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\temp\norwegian lingerie porn lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\tmp\kicking big 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\asian lesbian fucking lesbian cock sm .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\german animal bukkake licking legs .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\german sperm fetish hidden (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\cum [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\british lingerie hidden (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\italian beastiality [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\african xxx fetish girls circumcision (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\beastiality [milf] ash stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\british action trambling full movie swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\asian action several models wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\bukkake voyeur boobs (Samantha,Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\tyrkish lesbian horse girls ash .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\french action big legs high heels (Jade,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\Downloaded Program Files\trambling trambling lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\blowjob several models .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese hardcore girls glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\spanish bukkake xxx [bangbus] 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\brasilian lesbian girls sm .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\american nude [free] feet upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\beastiality lingerie public nipples (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2360 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 2360 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 2360 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 2360 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 2472 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 2472 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 2472 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 2472 wrote to memory of 636 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

Processes

C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

Network


Files

C:\Program Files\Windows Sidebar\Shared Gadgets\kicking full movie cock .avi.exe

MD5 5b224cde16c716edaf997af959509cbd
SHA1 229f9a43a80c881a7904dc5dabd5d3549f79a833
SHA256 a3a47ddf8cef41a15b30475112e710cf218a412505eb34888e1ce406670617c5
SHA512 ff5d108a5635525393554b032ba6441d857576a17c819cdd47ab1dacfd11767eb49e6d3a2d185745ac70ea547cba0513320c615190b0e2b4ca7b18527df73297

C:\debug.txt

MD5 c8424149653e4b81765d557f6c878677
SHA1 42da4739e16e6c74116d9a00e09b2c63628d89de
SHA256 5dd4e1efd60fb379ba8d1fe4a858ba0f51c612410f2525224e7b4f1d550b1b85
SHA512 54f2b70ed8f17b85b26d1667ba4c7f6f9a24ab162d61c19a4d5b13bf16972717f7cb0feed5e7377b7ce54fce604d214602d4f37599ab798694b8d16ea1ca8e6b


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:02

Reported

2024-04-07 20:04

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\norwegian horse [milf] mature .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese beastiality blowjob full movie upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black handjob porn [free] boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\animal hot (!) hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese xxx hidden latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian gang bang [bangbus] 40+ (Kathrin).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\System32\DriverStore\Temp\canadian fetish animal hidden YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\spanish handjob several models .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\german action several models boobs bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\handjob gang bang public .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\animal public mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\asian beast lesbian [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob sleeping vagina redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish nude fucking sleeping 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\american animal horse full movie latex (Sandy,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Common Files\microsoft shared\italian action girls (Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\indian nude gang bang [bangbus] glans .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german beastiality fetish [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian xxx hot (!) (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\chinese hardcore blowjob [free] boobs .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Google\Temp\sperm sleeping femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\dotnet\shared\italian cumshot blowjob licking feet sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\sperm masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\black horse voyeur feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\american porn horse licking .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish cumshot beast hidden boobs .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\french horse public upskirt (Liz,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\german cum fucking girls feet .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\handjob catfight latex (Sarah,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\kicking fucking hidden beautyfull (Gina,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\german handjob [milf] 50+ (Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\malaysia cumshot masturbation granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\Temp\american animal action several models titts 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\gang bang girls beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\chinese xxx catfight ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\hardcore hidden shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\asian nude xxx licking (Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\british fetish cum hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\british fetish lesbian licking redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\beast [milf] (Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\japanese fetish blowjob girls shower .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\brasilian lingerie hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\sperm gay lesbian penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\british hardcore uncut mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\african horse masturbation ash .zip.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\indian handjob several models fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\british lingerie horse full movie pregnant (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\security\templates\spanish sperm sleeping (Sonja,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\horse xxx girls (Ashley,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\american gay voyeur young .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\tyrkish nude several models lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\british lesbian sleeping cock stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\malaysia handjob hidden bedroom (Sylvia,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\assembly\temp\american gay porn hidden vagina (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\lesbian uncut vagina .rar.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1820 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 1820 wrote to memory of 4636 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
PID 2828 wrote to memory of 788 N/A C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

Processes

C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe

"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"

Network

Country Destination Domain Proto

Files

memory/1820-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german beastiality fetish [free] .zip.exe

MD5 1893e6d4819b698e4d7c0671e1096486
SHA1 f068a7f5bd0d5ba9c3c90e9385dac3a4366f0330
SHA256 384e8c2c99028dec86f22fd9c6dac1bbc34c9d0a0a77f25d07cdc9143ee06085
SHA512 90558452d1bde7340023c57c83665fd814bafc0259bee390060e12aee8ce082b21c35a972e358dd4b997e0225d6adc4ed724b8d24f62634df6c908c699080f09
