Malware Analysis Report

2025-06-15 19:50

Sample ID 240406-fmkjnsbc3w
Target fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b
SHA256 fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b
Tags
persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b

Threat Level: Known bad

The file fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 04:59

Signatures

Detects executables containing possible sandbox analysis VM usernames


Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 04:59

Reported

2024-04-06 05:01

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2132 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe
PID 2412 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe

"C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe"

C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe

"C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe"

C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe

"C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\spanish horse animal hot (!) black hairunshaved (Anniston).avi.exe

MD5 29287739022b6e8317b8592c86d85008
SHA1 5cb48119ea10e6c7a22fa524adf050099375960e
SHA256 e0665d4f6188e1e498df80510fb5d98365536ee08d169e0416bba0f5cf9b4869
SHA512 b6586253052806d1e529eb78f47e0d9b59228a44363025cc48100575e5dd0f127656d2a5eb6b2fe8febbb4c0f8dcf9ff9649f49083d3e0fb06a82f7fbf1675d1

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 04:59

Reported

2024-04-06 05:01

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian fetish xxx hot (!) feet bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\trambling catfight YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\xxx [free] sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast hot (!) wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\bukkake hot (!) mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\xxx voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\sperm masturbation cock granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie girls mature .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese handjob bukkake catfight feet .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese beastiality horse public titts girly (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\System32\DriverStore\Temp\black gang bang beast full movie girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\russian kicking lingerie licking femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob masturbation glans .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\hardcore several models glans (Jenna,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\bukkake masturbation shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\lesbian lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\lingerie [free] glans swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\fucking [milf] sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay several models glans bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\indian gang bang beast sleeping glans .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish cumshot gay voyeur beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\black cum hardcore [milf] cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish cumshot sperm licking hotel (Anniston,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\horse hardcore girls boots .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\lesbian sleeping (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\indian beastiality gay [free] feet wifey (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\Common Files\microsoft shared\hardcore uncut gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files\dotnet\shared\fucking hidden ejaculation (Kathrin,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish cumshot beast public sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Program Files (x86)\Google\Temp\russian beastiality lingerie full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\xxx [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\asian gay [bangbus] hole hairy (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\animal lingerie licking shower .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\danish fetish lingerie [milf] cock 50+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\horse several models stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\japanese nude lesbian [milf] bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\danish cum lingerie full movie femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\horse horse licking (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\lingerie hot (!) hotel (Jenna,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\canadian beast several models .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\brasilian porn fucking uncut blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\norwegian fucking hot (!) high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\german hardcore [milf] hole stockings (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\canadian trambling licking (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\xxx uncut hole black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\horse several models feet fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\russian fetish lesbian [free] sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\brasilian beastiality trambling masturbation castration (Sandy,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\british bukkake uncut upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\nude xxx masturbation ash .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american porn xxx [free] leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\lesbian big feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\xxx several models titts beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\canadian sperm [free] hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\blowjob girls (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\sperm full movie glans 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\spanish lingerie big fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\horse gay uncut glans (Ashley,Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\chinese horse public .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish porn blowjob several models hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\spanish lesbian lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\asian lesbian big latex .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\norwegian fucking licking .rar.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\lesbian big (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\InstallTemp\asian lingerie lesbian feet hotel (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\italian fetish gay full movie girly .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\cum beast hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\french gay lesbian 50+ (Sonja,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3680 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe
PID 4776 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe

"C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe"

C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe

"C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe"

C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe

"C:\Users\Admin\AppData\Local\Temp\fc5f4a4ad33385460e01995fd59c26edf2519b0b70f36eab9e1c5dd9008c488b.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob masturbation glans .rar.exe

MD5 25dd1a42ffaac33b6f9169b9a18e3569
SHA1 4c11f2a286a2882338630983a033af4924e21e09
SHA256 7561552d4094e74db8a7c916b166305055be5b4c880938aec987ae2756f8b923
SHA512 1e38a15d803bb4c844b6a18cc153283ecfff88938bc5e2f1bab67f4babd5e832e63f8150113a59976d7bdefa7e88574951aaf6b4b01db7289f587e62ee1cc5f9