Malware Analysis Report

2025-08-06 00:44

Sample ID 240403-xbvnyahf52
Target 0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5
SHA256 0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5
Tags persistence, spyware, stealer, upx
Score 10/10


Analysis Overview

score
10/10

SHA256

0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5

Threat Level: Known bad

The file 0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported 2024-04-03 18:41

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted 2024-04-03 18:41
Reported 2024-04-03 18:43
Platform win10v2004-20240226-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4972 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe
PID 4972 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe
PID 2168 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe

"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"

C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe

"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"

C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe

"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"

C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe

"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"

Network


Files

memory/4972-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese porn catfight .rar.exe

MD5 fa368aaf12af38affc1c370537e10d44
SHA1 fd18c1988da4d1e7fa0959a084e6dae664189590
SHA256 1543cc927894d41c968376231be739233c1e202962a8a3a4fb591c3936fb3958
SHA512 c7cf1e7cf1074eb3c5395a1e775ebc3b5413261c855126c12e054b0326843df201775ca782c940382db1f4b237e0e3db5f3fc02346b9e98d17a8758655535be9

memory/2168-74-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4792-170-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2924-172-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4972-198-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2168-201-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4792-202-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2924-204-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 18:41

Reported

2024-04-03 18:43

Platform

win7-20240221-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

File created C:\Windows\Downloaded Program Files\blowjob [bangbus] glans upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian beastiality lesbian girls titts .zip.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\SoftwareDistribution\Download\bukkake big hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\blowjob girls ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lesbian uncut (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\russian gang bang bukkake full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\indian beastiality fucking masturbation mature (Jenna,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore several models swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\swedish beastiality hardcore [bangbus] titts .rar.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\french lingerie public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\canadian trambling several models .avi.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish handjob lesbian uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\security\templates\brasilian gang bang lingerie big .mpg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\brasilian beastiality hardcore lesbian ìï .avi.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\danish beastiality gay sleeping bondage (Gina,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\nude trambling [bangbus] hole latex (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\asian fucking [bangbus] cock sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\horse bukkake catfight swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\german beast full movie fishy (Christine,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\bukkake several models castration (Sonja,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\malaysia fucking big penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\german bukkake hidden black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\spanish trambling masturbation upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\brasilian nude trambling several models hole 50+ (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\chinese blowjob masturbation YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\italian handjob xxx [bangbus] cock bedroom (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\assembly\tmp\trambling full movie cock black hairunshaved (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\canadian horse masturbation glans (Jenna,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 848 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe
PID 2728 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe

"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"

Network

Country Destination Domain Proto

Files

memory/848-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\indian cumshot sperm masturbation (Melissa).avi.exe

MD5 cbae8d6f810ae5dd55e277ca9535e70b
SHA1 f3d056b3e4ed3f6688775fd9c446a37c861936b0
SHA256 2bb8d3505a0952ee88ccb22d654d38fd58506dd99dab872f4abba2fe881e5fb9
SHA512 9f69fcefcaed174cc74ff79c409adfefd2b9efda19649e6f835d412d80d84a1c6e174c8f3bf3e48fd2b64089d255015a3322e8ea9953afecd2080d7bbbd217f2

memory/2728-8-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2528-55-0x0000000000400000-0x0000000000420000-memory.dmp

memory/848-94-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2728-98-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2728-99-0x00000000045C0000-0x00000000045E0000-memory.dmp

memory/2528-100-0x0000000000400000-0x0000000000420000-memory.dmp