Malware Analysis Report

2025-03-14 22:45

Sample ID 240406-1mh13acf29
Target 64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7
SHA256 64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7
Tags
persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7

Threat Level: Known bad

The file 64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 21:45

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 21:45

Reported

2024-04-06 21:48

Platform

win7-20240221-en

Max time kernel

152s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\LogFiles\Fax\Incoming\trambling voyeur glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\IME\shared\blowjob hidden cock .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\beast hidden titts (Kathrin,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\System32\DriverStore\Temp\lingerie [milf] bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\russian kicking blowjob several models .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\IME\shared\bukkake hidden (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\bukkake masturbation cock penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm voyeur glans 50+ (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lingerie hot (!) glans (Sandy,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian beastiality hardcore uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian animal beast several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\bukkake [bangbus] feet swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\lingerie masturbation hole .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\russian action horse girls cock blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian beastiality hardcore hidden titts hotel (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american action gay hidden cock penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Windows Journal\Templates\russian horse blowjob voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish cum fucking sleeping (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Google\Temp\japanese porn sperm big upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\xxx lesbian (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\lingerie sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\DVD Maker\Shared\gay public YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black kicking fucking girls sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian animal lingerie voyeur circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\tyrkish nude blowjob lesbian (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\chinese hardcore [milf] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\horse xxx licking boots (Kathrin,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\tyrkish cumshot hardcore licking castration (Gina,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\malaysia lesbian hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian voyeur (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\beastiality trambling girls feet (Sonja,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\porn lesbian sleeping hole .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\brasilian handjob trambling [bangbus] titts wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\danish porn bukkake hot (!) (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\gay catfight traffic (Anniston,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\chinese sperm sleeping hole wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\russian cumshot beast lesbian gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american beastiality trambling hot (!) bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\tyrkish horse bukkake masturbation glans shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\black horse lingerie voyeur titts black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\spanish lesbian full movie glans girly (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\porn trambling hidden (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\bukkake girls blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\japanese porn xxx full movie cock pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\canadian xxx several models 50+ (Kathrin,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\trambling [bangbus] sm (Sonja,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian handjob horse hidden titts young .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\temp\japanese animal hardcore public titts (Christine,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\norwegian xxx catfight hole blondie (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\cumshot lesbian uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\cum beast public titts .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\malaysia fucking licking cock .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\american porn trambling girls titts balls (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\canadian beast girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\brasilian animal beast [milf] titts .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\italian beastiality horse [free] (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\beastiality sperm several models .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\beastiality blowjob several models feet .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish action bukkake sleeping cock granny (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\black beastiality hardcore lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\russian nude gay masturbation titts .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\handjob xxx uncut glans (Sonja,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\porn beast voyeur titts (Sonja,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian cum gay public (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\animal gay sleeping penetration (Anniston,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\action hardcore [bangbus] sm .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\black cum horse lesbian cock young .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\tmp\tyrkish animal trambling hidden YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm lesbian redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\malaysia lingerie hidden (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian handjob sperm girls titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\security\templates\action bukkake licking upskirt (Sonja,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\PLA\Templates\brasilian handjob fucking hidden YEâPSè& (Ashley,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse [bangbus] leather .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\indian kicking horse lesbian stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\horse trambling hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\african lingerie [milf] hole (Sonja,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american porn fucking sleeping feet .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian beastiality beast uncut (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\fucking big femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\american horse gay big titts hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\danish animal trambling [free] cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\cum blowjob public hole beautyfull (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\trambling [milf] balls .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\cum beast full movie pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\brasilian gang bang beast several models high heels (Britney,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\blowjob [bangbus] hairy (Britney,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish handjob hardcore sleeping glans circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1932 wrote to memory of 1676 (4 writes logged) N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 1676 wrote to memory of 3056 (4 writes logged) N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 1932 wrote to memory of 940 (4 writes logged) N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Windows\SysWOW64\WerFault.exe
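
The WriteProcessMemory rows are best read as one chain rather than as separate events: 1932 writes into 1676, 1676 writes into 3056, and both pairs run the same image, while the writes from 1932 into WerFault (PID 940) line up with the WerFault command line in the Processes section, whose -p 1932 argument names 1932 as the process that crashed. The Python below is an added example, not part of the sandbox report: it rebuilds that chain from the table rows (four logged writes per target) and the Processes command lines, separates the crash-handler hand-off from the same-image writes, and follows the same-image writes from the root PID to the last copy. Treating same-image writes as self-injection (hollowing a fresh copy of the sample) is an inference drawn here; the report itself only records the writes.

```python
import re
from collections import Counter

# Sample image path and WerFault path exactly as they appear in the report.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe")
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"

# (Description, Process, Target) from the WriteProcessMemory table:
# four logged writes per target, Indicator column N/A throughout.
WPM_ROWS = (
    [("PID 1932 wrote to memory of 1676", SAMPLE, SAMPLE)] * 4
    + [("PID 1676 wrote to memory of 3056", SAMPLE, SAMPLE)] * 4
    + [("PID 1932 wrote to memory of 940", SAMPLE, WERFAULT)] * 4
)

# Command lines from the Processes section. WerFault's -p argument is the
# PID of the faulting process it was started for.
PROCESS_CMDLINES = [
    f'"{SAMPLE}"',
    f'"{SAMPLE}"',
    f'"{SAMPLE}"',
    r"C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 564",
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
WERFAULT_RE = re.compile(r"WerFault\.exe\b.*?-p (\d+)", re.IGNORECASE)


def crashed_pids(cmdlines):
    """PIDs that WerFault was launched for, taken from its -p argument."""
    return {int(m.group(1)) for c in cmdlines for m in [WERFAULT_RE.search(c)] if m}


def build_injection_chain(rows, cmdlines):
    """Collapse repeated rows into (src, dst) edges and label each edge.

    'crash-handler': the writer crashed and the target is WerFault, so the
    write is the WER hand-off, not an injection target.
    'self-injection': writer and target run the same image; consistent with
    hollowing a fresh copy of itself (an inference; the report only logs writes).
    """
    writes = Counter()
    image = {}
    for desc, src_img, dst_img in rows:
        m = WPM_RE.match(desc)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        writes[(src, dst)] += 1
        image[src], image[dst] = src_img, dst_img
    crashed = crashed_pids(cmdlines)
    edges = []
    for (src, dst), n in sorted(writes.items()):
        if image[dst].lower().endswith("\\werfault.exe") and src in crashed:
            kind = "crash-handler"
        elif image[src].lower() == image[dst].lower():
            kind = "self-injection"
        else:
            kind = "cross-process"
        edges.append({"src": src, "dst": dst, "writes": n, "kind": kind})
    return edges


def injection_path(edges):
    """Follow self-injection edges from the root PID to the last hollowed copy."""
    nxt = {e["src"]: e["dst"] for e in edges if e["kind"] == "self-injection"}
    roots = set(nxt) - set(nxt.values())
    if len(roots) != 1:
        return []  # branching or no self-injection: nothing linear to report
    path, seen = [roots.pop()], set()
    while path[-1] in nxt and path[-1] not in seen:  # seen guards against a cycle
        seen.add(path[-1])
        path.append(nxt[path[-1]])
    return path


if __name__ == "__main__":
    chain = build_injection_chain(WPM_ROWS, PROCESS_CMDLINES)
    for e in chain:
        print(f"{e['src']} -> {e['dst']}: {e['writes']} writes, {e['kind']}")
    print("hollowing chain:", " -> ".join(map(str, injection_path(chain))))
```

On this report the chain resolves to 1932 -> 1676 -> 3056, with the 1932 -> 940 edge set aside as the crash hand-off; the process whose payload actually ran is the last PID, which is where memory should be dumped if the run is repeated.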

Processes

C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 564

Network

N/A

Files

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian animal lingerie voyeur circumcision .rar.exe

MD5 766cff4d819fcda9388119f2bd0cec38
SHA1 1cd1d23a106299f9b6d6c243184389a10a3e61e4
SHA256 a649fb7a096031962de64bc6c3894fc37860794f22a99c96e151996bb13abfcd
SHA512 85294f93edfeec92225a6c0441c06c4d331757f48a1029de2ba600c1489f494506c72202bb7103e1ade19671ea4b4e25ef93525fff8f08755a12d832f1ac231a

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 21:45

Reported

2024-04-06 21:48

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
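
The Run value above points at C:\Windows\mssrv.exe, and the same path appears as a File created indicator in the Drops file in Windows directory table further down; almost every other dropped file is a media or archive name with a trailing .exe written into Shared, Download, Temp, Incoming or Templates folders. The Python below is an added example and not part of the report: it parses the Run row as the sandbox prints it (hive written as \REGISTRY\MACHINE, value data backslash-escaped), checks that the persistence target is among the dropped files, and flags the double-extension lures. The paths are a subset copied from the drop tables, with one constructed benign path (C:\Windows\Temp\report.txt) as a negative control. The WOW6432Node in the key is registry redirection for a 32-bit process on 64-bit Windows, consistent with WerFault being started from SysWOW64 in behavioral1.

```python
import re

# Indicator column of the "Adds Run key to start application" row, verbatim.
RUN_KEY_ROW = (r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32'
               r' = "C:\\Windows\\mssrv.exe"')

# Subset of the "File created" indicators from the drop tables, plus one
# constructed benign path as a negative control (last entry, not in the report).
FILE_CREATED = [
    r"C:\Windows\mssrv.exe",
    r"C:\Windows\InputMethod\SHARED\french action public .mpeg.exe",
    r"C:\Windows\System32\LogFiles\Fax\Incoming\animal horse girls .rar.exe",
    r"C:\Program Files (x86)\Google\Update\Download\canadian action [milf] .zip.exe",
    r"C:\Program Files (x86)\Google\Temp\hardcore lesbian stockings .avi.exe",
    r"C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\animal public .mpg.exe",
    r"C:\Windows\Temp\report.txt",  # constructed negative control
]

HIVES = {r"\REGISTRY\MACHINE": "HKLM", r"\REGISTRY\USER": "HKU"}
# Media/archive extension immediately followed by .exe: the lure pattern in the tables.
LURE_RE = re.compile(r"\.(rar|zip|avi|mpg|mpeg)\.exe$", re.IGNORECASE)
# Folder-name fragments that the dropper favours (all present in the report's paths).
SPREAD_DIR_HINTS = ("shared", "download", "incoming", "temp", "templates")


def parse_run_value(row):
    """Split 'key\\name = "data"' into (hive-normalised key, value name, unescaped data)."""
    key_and_name, _, data = row.partition(" = ")
    key, _, name = key_and_name.rpartition("\\")
    for prefix, hive in HIVES.items():
        if key.upper().startswith(prefix.upper()):
            key = hive + key[len(prefix):]
    data = data.strip('"').replace("\\\\", "\\")  # the sandbox prints the data string-escaped
    return key, name, data


def classify_drop(path):
    """Flag a dropped file as a double-extension lure and/or written to a spread folder."""
    name = path.rsplit("\\", 1)[-1]
    parent = path[: -len(name)].lower()
    return {
        "path": path,
        "lure": bool(LURE_RE.search(name)),
        "spread_dir": any(hint in parent for hint in SPREAD_DIR_HINTS),
    }


def lure_drops(paths):
    return [c["path"] for c in map(classify_drop, paths) if c["lure"]]


def persistence_target_was_dropped(run_row, paths):
    """True when the Run value's data path is itself one of the files the sample created."""
    _, _, data = parse_run_value(run_row)
    return data.lower() in {p.lower() for p in paths}


def is_wow64_run_key(run_row):
    key, _, _ = parse_run_value(run_row)
    return "\\wow6432node\\" in key.lower()


if __name__ == "__main__":
    print(parse_run_value(RUN_KEY_ROW))
    print("persistence target dropped:", persistence_target_was_dropped(RUN_KEY_ROW, FILE_CREATED))
    for p in lure_drops(FILE_CREATED):
        print("lure:", p)
```

The cross-check matters because a Run value alone only shows intent; confirming that the referenced file was written by the same process is what turns the two rows into a persistence finding. The lure regex is deliberately narrow (the five extensions seen here) so it can be dropped into a file-creation rule without matching ordinary installers.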

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\beastiality catfight cock .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\swedish trambling blowjob public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\animal horse girls .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\malaysia cum lesbian several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black bukkake hidden feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\System32\DriverStore\Temp\horse lesbian mature .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\british lesbian big high heels (Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black lingerie [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\norwegian blowjob sperm uncut fishy (Liz,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\brasilian lingerie full movie legs granny .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\blowjob handjob voyeur circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cumshot horse hidden vagina .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\Microsoft Shared\asian horse fucking catfight legs girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Google\Temp\hardcore lesbian stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Common Files\microsoft shared\chinese lingerie fetish masturbation titts (Ashley,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\dotnet\shared\malaysia gay beastiality [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\horse beastiality public ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\chinese gay hidden (Liz,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\beastiality lingerie licking boobs .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\hardcore lesbian sleeping titts .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish xxx lingerie hidden fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american animal voyeur nipples mature .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\african porn [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\black lingerie masturbation cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\canadian action [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx horse uncut (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\horse [milf] titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\canadian action hot (!) YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\beast nude [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\animal big (Melissa,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\spanish lingerie fucking sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\malaysia horse public .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\kicking horse [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bukkake blowjob full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\Downloaded Program Files\british gang bang beastiality girls ash redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish xxx full movie castration (Liz,Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\fucking sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\british gay girls swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\canadian handjob action [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\xxx several models 40+ (Jenna,Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\norwegian blowjob hot (!) (Christine,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\british handjob lingerie girls (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\fetish [milf] titts (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\norwegian horse hot (!) (Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\gang bang sleeping bondage (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\InputMethod\SHARED\french action public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\trambling lesbian girls ash (Sonja,Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\handjob kicking public feet 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\brasilian gay full movie upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\indian lingerie several models ash .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\american fetish uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\american sperm full movie nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\malaysia fetish fucking voyeur titts (Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\japanese trambling cum several models vagina upskirt (Kathrin,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\blowjob lesbian [milf] hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\tmp\british action catfight black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\spanish trambling [bangbus] redhair .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\animal horse public black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\trambling [milf] pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\beastiality catfight (Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\french handjob licking traffic (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\japanese lingerie animal girls bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\norwegian gang bang public .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\american porn fucking catfight boobs leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\black horse [free] bedroom (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\horse masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\norwegian lingerie voyeur ejaculation (Tatjana,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\chinese beast lesbian masturbation (Sarah,Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\brasilian gay girls castration (Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\malaysia blowjob voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\horse kicking [milf] (Liz,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\gay animal public .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\african gay bukkake catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\chinese animal catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\security\templates\canadian beast lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\japanese fucking big legs granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\indian bukkake lesbian lesbian redhair .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\animal public .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\indian gay full movie glans hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\malaysia gang bang gay voyeur latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\african nude bukkake uncut Ôï .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\fucking masturbation ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\american gang bang sleeping boots (Anniston,Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\african gang bang xxx hot (!) ash .rar.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\malaysia trambling xxx lesbian nipples femdom (Sylvia,Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\swedish beastiality uncut boobs granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\japanese nude handjob hidden stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\danish fetish lingerie [bangbus] hotel (Christine,Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\indian porn uncut black hairunshaved (Melissa,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish beast public titts mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\swedish fucking porn girls (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\italian porn [milf] nipples swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
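The file-creation rows above follow one pattern: dozens of copies with media or archive names and a trailing .exe (a double-extension lure) scattered through WinSxS, Program Files and other system directories, plus a single copy with a plain name, C:\Windows\mssrv.exe. The following Python is an added triage helper, not part of the sandbox report: it parses rows in the flattened "File created <path> <process> <target>" shape, separates double-extension lures from everything else, and counts lures per drop location. The sample rows are constructed (the lure names are made up; only the dropper path and C:\Windows\mssrv.exe come from the report), and the location labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample rows in the flattened "File created <dropped path> <process> <target>"
# shape used by the report tables above. The lure file names below are made up; only
# C:\Windows\mssrv.exe and the dropper's own path are taken from the report.
DROPPER = (r"C:\Users\Admin\AppData\Local\Temp"
           r"\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe")
SAMPLE_ROWS = [
    rf"File created C:\Windows\WinSxS\amd64_example_component_none_0000\holiday clip .mpg.exe {DROPPER} N/A",
    rf"File created C:\Windows\security\templates\photo archive .rar.exe {DROPPER} N/A",
    rf"File created C:\Windows\mssrv.exe {DROPPER} N/A",
    rf"File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\movie (Ashley).mpg.exe {DROPPER} N/A",
    rf"File created C:\Windows\System32\setup notes .zip.exe {DROPPER} N/A",
]

# The dropped path may contain spaces, but it always ends in .exe and is followed by the
# creating process path (no spaces) and the target column, so a lazy match up to ".exe " works.
ROW_RE = re.compile(
    r"^File created (?P<dropped>C:\\.+?\.exe) (?P<process>C:\\\S+) (?P<target>\S+)$",
    re.IGNORECASE,
)
# Media/archive "double extension" lure: a benign-looking inner extension with .exe on the end.
LURE_RE = re.compile(r"\.(mpg|mpeg|avi|zip|rar)\.exe$", re.IGNORECASE)

# Ordered from most to least specific so WinSxS/System32 are not swallowed by C:\Windows.
# The labels are this example's own, not the sandbox's.
LOCATIONS = [
    ("WinSxS", "c:\\windows\\winsxs\\"),
    ("System32", "c:\\windows\\system32\\"),
    ("System32", "c:\\windows\\syswow64\\"),
    ("Program Files", "c:\\program files"),
    ("Windows", "c:\\windows\\"),
]


def classify_location(path: str) -> str:
    p = path.lower()
    for label, prefix in LOCATIONS:
        if p.startswith(prefix):
            return label
    return "other"


def parse_row(row: str):
    m = ROW_RE.match(row.strip())
    return m.groupdict() if m else None


def triage_drops(rows):
    """Split dropped files into double-extension lures and everything else."""
    lures, others = [], []
    for row in rows:
        ev = parse_row(row)
        if ev is None:
            continue
        name = ev["dropped"].rsplit("\\", 1)[-1]
        rec = {"path": ev["dropped"], "name": name,
               "location": classify_location(ev["dropped"]), "process": ev["process"]}
        m = LURE_RE.search(name)
        if m:
            rec["lure_ext"] = m.group(0).lower()
            lures.append(rec)
        else:
            others.append(rec)
    return {
        "lure_count": len(lures),
        "by_location": dict(Counter(r["location"] for r in lures)),
        "lure_extensions": sorted({r["lure_ext"] for r in lures}),
        # Anything that is not a lure (here C:\Windows\mssrv.exe) is the copy worth
        # correlating with the Run-key and service signatures elsewhere in the report.
        "non_lure_paths": [r["path"] for r in others],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage_drops(SAMPLE_ROWS), indent=2))
```

Run against the full table from the report, the non-lure list is what to look at first: the lure copies are bait for whoever browses those directories, while the plainly named copy under C:\Windows is the one a persistence mechanism would point at.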

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe N/A
(the row above is repeated 64 times in the original table; every entry is identical)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2108 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 2108 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 2108 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 2108 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 2108 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 2108 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 752 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 752 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
PID 752 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe

Processes

C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe

"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2108 -ip 2108

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 1144
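The WriteProcessMemory table and the process list above together describe one chain: PID 2108 writes into 752 and 2148, 752 writes into 3452, the Process and Target columns are the same image on every row, and both WerFault.exe command lines name 2108 as the faulting process. The Python below is an added example, not part of the sandbox report: it rebuilds that chain from rows in the report's "PID <a> wrote to memory of <b>" shape, identifies the origin of the chain, and pulls the crashed PID out of the WerFault command lines. The row list is copied from the table with the Process/Target columns dropped; the three writes per pair are kept as they appear.

```python
import re
from collections import defaultdict

# Rows from the "Suspicious use of WriteProcessMemory" table above, reduced to the columns the
# parser needs; the repeats are genuine (the sandbox logs one row per write call).
WPM_ROWS = [
    "PID 2108 wrote to memory of 752", "PID 2108 wrote to memory of 752", "PID 2108 wrote to memory of 752",
    "PID 2108 wrote to memory of 2148", "PID 2108 wrote to memory of 2148", "PID 2108 wrote to memory of 2148",
    "PID 752 wrote to memory of 3452", "PID 752 wrote to memory of 3452", "PID 752 wrote to memory of 3452",
]
# The two WerFault.exe command lines from the process list above.
WERFAULT_CMDLINES = [
    r"C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2108 -ip 2108",
    r"C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 1144",
]

WPM_RE = re.compile(r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)")
# "-p <pid>" is the faulting process; "-pss" and "-ip" must not be mistaken for it,
# hence the required whitespace on both sides of "-p".
WERFAULT_PID_RE = re.compile(r"WerFault\.exe\b.*\s-p\s+(?P<pid>\d+)", re.IGNORECASE)


def write_edges(rows):
    """{(writer_pid, target_pid): number_of_writes}."""
    counts = defaultdict(int)
    for row in rows:
        m = WPM_RE.match(row.strip())
        if m:
            counts[(int(m["src"]), int(m["dst"]))] += 1
    return dict(counts)


def children_map(edges):
    children = defaultdict(list)
    for src, dst in sorted(edges):
        children[src].append(dst)
    return dict(children)


def roots(edges):
    """PIDs that write to others but are never written to: the chain's origin(s)."""
    writers = {s for s, _ in edges}
    targets = {d for _, d in edges}
    return sorted(writers - targets)


def render_tree(children, pid, depth=0):
    lines = ["  " * depth + str(pid)]
    for child in children.get(pid, []):
        lines.extend(render_tree(children, child, depth + 1))
    return lines


def crashed_pids(cmdlines):
    found = set()
    for cmd in cmdlines:
        m = WERFAULT_PID_RE.search(cmd)
        if m:
            found.add(int(m["pid"]))
    return sorted(found)


def summarize(wpm_rows, werfault_cmdlines):
    edges = write_edges(wpm_rows)
    children = children_map(edges)
    origin = roots(edges)
    crashed = crashed_pids(werfault_cmdlines)
    return {
        "edges": edges,
        "roots": origin,
        "tree": [line for r in origin for line in render_tree(children, r)],
        "crashed": crashed,
        "origin_crashed": any(r in crashed for r in origin),
    }


if __name__ == "__main__":
    s = summarize(WPM_ROWS, WERFAULT_CMDLINES)
    print("\n".join(s["tree"]))
    print("WerFault reported crash of:", s["crashed"])
```

Because every Process and Target entry is the same image, the writes are a parent populating a child it just launched rather than injection into a foreign process; the tree is the sample re-executing itself, and the WerFault lines show that the origin of that tree (2108) is the copy that crashed.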

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp
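Every row in the Network table is a reverse (PTR) lookup sent to 8.8.8.8:53; there is no forward resolution of a hostname and no non-DNS connection, so nothing in this table identifies a command-and-control endpoint on its own. Reverse lookups are normally issued for peers of connections that already exist, so the useful step is to recover the forward IPs and see what was being resolved. The Python below is an added example, not part of the sandbox report: it parses the rows as printed above, turns in-addr.arpa names back into IPv4 addresses, and separates PTR queries from forward queries and non-DNS destinations.

```python
import re
from collections import Counter

# Rows copied from the Network table above: "<country> <destination> <query name> <proto>".
DNS_ROWS = """\
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp
""".splitlines()

PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE
)


def ptr_to_ip(name):
    """'154.239.44.20.in-addr.arpa' -> '20.44.239.154'; None if not an IPv4 PTR name."""
    m = PTR_RE.match(name.strip())
    if not m:
        return None
    octets = [int(o) for o in m.groups()]
    if any(o > 255 for o in octets):
        return None
    # PTR names list the octets in reverse order.
    return ".".join(str(o) for o in reversed(octets))


def parse_dns_row(row):
    parts = row.split()
    if len(parts) != 4:
        return None
    country, dest, qname, proto = parts
    return {"country": country, "dest": dest, "qname": qname,
            "proto": proto, "ip": ptr_to_ip(qname)}


def summarize_dns(rows):
    events = [e for e in map(parse_dns_row, rows) if e]
    ptr = [e for e in events if e["ip"]]
    fwd = [e for e in events if not e["ip"]]
    return {
        "ptr_queries": len(ptr),
        "forward_queries": len(fwd),
        "forward_names": sorted({e["qname"] for e in fwd}),
        "destinations": sorted({e["dest"] for e in events}),
        # Anything not on port 53 would be a real connection, not a lookup.
        "non_dns_destinations": sorted({e["dest"] for e in events if not e["dest"].endswith(":53")}),
        "looked_up_ips": [e["ip"] for e in ptr],
        "by_first_octet": dict(Counter(e["ip"].split(".")[0] for e in ptr)),
    }


if __name__ == "__main__":
    s = summarize_dns(DNS_ROWS)
    print(f"{s['ptr_queries']} PTR, {s['forward_queries']} forward, "
          f"non-DNS: {s['non_dns_destinations'] or 'none'}")
    for ip in s["looked_up_ips"]:
        print(ip)
```

Whether the recovered addresses belong to the sandbox's own platform traffic or to the sample has to be settled from the forward flows, which this run does not record; treat the PTR rows as context for the other detonation, not as indicators by themselves.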

Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx horse uncut (Ashley).mpg.exe

MD5 dab7c49d7ea0b36dbc33e63523d7c61d
SHA1 89e1fdb571e2f764655cc9bff089142206f447e8
SHA256 27dd68baa1523f8d899cf2f55689942bde32d11ca3b7b81a1426926355da9506
SHA512 7fc3e361d31f171b2ec5e6b49ade5c6f0157c1678ad15e6fbe880c76f82bf0a121159c66290aa4b3ffdb4ce79155bdda21f19e5df0c3153ac85b8e7b7ac23df6