Malware Analysis Report

2025-06-15 19:50

Sample ID 240406-fmenesbh68
Target fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9
SHA256 fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9

Threat Level: Known bad

The file fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 04:59

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 04:59

Reported

2024-04-06 05:01

Platform

win7-20240215-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\swedish beastiality horse sleeping stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\SysWOW64\IME\shared\trambling hidden (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\System32\DriverStore\Temp\indian horse xxx lesbian ash .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese fetish horse uncut (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\SysWOW64\IME\shared\horse hidden 40+ (Sonja,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\black fetish lingerie masturbation sm (Anniston,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast public feet .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\swedish cum trambling lesbian (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian handjob horse licking mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\hardcore [free] ejaculation (Jenna,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish kicking fucking [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files\DVD Maker\Shared\danish cum xxx several models hole black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files\Windows Journal\Templates\american gang bang beast sleeping blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Google\Temp\japanese cum bukkake hidden sm .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\brasilian cum fucking uncut YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish kicking blowjob uncut titts balls (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish fetish blowjob hot (!) lady (Sonja,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\horse lesbian cock .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian kicking hardcore catfight pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\sperm voyeur high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\sperm girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian gang bang horse [milf] cock granny .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\danish horse xxx hidden (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\japanese beastiality sperm masturbation glans granny .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\italian cum blowjob sleeping young .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\spanish sperm [milf] sm (Kathrin,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\japanese fetish hardcore licking penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\horse beast public young (Christine,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\nude gay masturbation (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\beastiality horse full movie feet castration (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\african blowjob licking stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\indian kicking gay big hole hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\japanese kicking xxx [milf] hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\american kicking sperm [bangbus] feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\cumshot horse big titts high heels (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\cum bukkake [free] cock ìï .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\tyrkish porn hardcore girls hole (Christine,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\black fetish hardcore public cock beautyfull (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\Downloaded Program Files\brasilian cumshot blowjob several models cock bondage (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\bukkake girls glans (Anniston,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\spanish sperm masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\trambling [milf] blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\brasilian horse gay sleeping mature .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\russian porn xxx [bangbus] glans shower .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\cum bukkake big (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\chinese lingerie sleeping feet shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\horse [bangbus] .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\lesbian hot (!) mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish kicking lingerie several models shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\spanish lingerie masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\nude blowjob several models .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\canadian horse voyeur titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\nude horse full movie titts bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\italian animal trambling hidden blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\italian nude trambling catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish gang bang beast [bangbus] titts ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\indian cumshot xxx sleeping hole girly .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\german gay licking glans beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\french beast public (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\kicking trambling [bangbus] femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian nude trambling hot (!) cock granny (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\indian animal bukkake hidden hole YEâPSè& (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\norwegian blowjob hot (!) titts traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\norwegian sperm [bangbus] hole ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\action lesbian hidden titts pregnant (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\asian lingerie public castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\sperm catfight feet gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\beastiality horse public glans .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\german xxx several models circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\cum blowjob girls glans gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\malaysia sperm full movie shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\black beastiality hardcore public redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\Temp\swedish cumshot xxx uncut cock girly (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish porn blowjob hot (!) feet penetration (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\fucking big bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\spanish lingerie hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\porn gay big ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\tyrkish fetish trambling [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\horse gay public hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian animal sperm [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\security\templates\japanese porn sperm [bangbus] glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\horse voyeur hole beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\blowjob [milf] feet pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\gang bang trambling girls shower .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\danish porn blowjob masturbation stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\gang bang lesbian masturbation glans hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\animal sperm masturbation feet .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\brasilian fetish gay several models .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2700 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe
PID 2484 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

Network

Country Destination Domain Proto

Files

memory/2700-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\japanese beastiality sperm masturbation glans granny .zip.exe

MD5 fa5adf27193bf2ffb4d8b15bbf7df042
SHA1 1fff25b3a709eb338e11f9922a9dc4131aaa8623
SHA256 6821c89baf457dfc8dec7f458b58b1cd3e731d3769686f421e396903b860145f
SHA512 b858190f545bbbc81488629b42a926a0fb487ede026e43097ffc334a100fa84cf05d10eb4e9f3beabcd9b3ff4b27c055d6d37b312f3ef8cfb2024bdcf3a18a67

memory/2484-59-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2700-58-0x0000000005090000-0x00000000050AE000-memory.dmp

memory/2484-88-0x0000000001E20000-0x0000000001E3E000-memory.dmp

memory/2320-89-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2700-105-0x0000000005090000-0x00000000050AE000-memory.dmp

memory/2700-104-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2484-108-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2484-110-0x0000000001E20000-0x0000000001E3E000-memory.dmp

memory/2320-111-0x0000000000400000-0x000000000041E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 04:59

Reported

2024-04-06 05:01

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\german fucking sleeping sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian beastiality fucking uncut (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\indian action trambling [bangbus] titts girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\brasilian animal trambling voyeur cock shower (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\nude blowjob catfight leather .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\Temp\chinese blowjob hidden YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\brasilian fetish sperm big .zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american porn lingerie catfight hole .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\british hardcore uncut titts ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\french lingerie licking cock boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\chinese blowjob big cock stockings (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\fucking public hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\british gay catfight feet .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\african sperm hidden upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\african blowjob public feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\norwegian lesbian big shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\canadian lesbian several models hole .rar.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse full movie circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\trambling hidden titts young .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking xxx several models titts 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3756 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe
PID 3756 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe
PID 3016 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe

"C:\Users\Admin\AppData\Local\Temp\fc3d678593c7b9a2179076884cdc16f5e1633b7b273d135a68f43be5abdbaed9.exe"

Network

Country Destination Domain Proto

Files

memory/3756-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese beastiality sperm masturbation glans granny .zip.exe

MD5 fa5adf27193bf2ffb4d8b15bbf7df042
SHA1 1fff25b3a709eb338e11f9922a9dc4131aaa8623
SHA256 6821c89baf457dfc8dec7f458b58b1cd3e731d3769686f421e396903b860145f
SHA512 b858190f545bbbc81488629b42a926a0fb487ede026e43097ffc334a100fa84cf05d10eb4e9f3beabcd9b3ff4b27c055d6d37b312f3ef8cfb2024bdcf3a18a67

memory/3016-25-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2240-61-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4784-72-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3756-190-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3016-193-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2240-196-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4784-210-0x0000000000400000-0x000000000041E000-memory.dmp