Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-2xa9mshb89
Target 84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac
SHA256 84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac

Threat Level: Known bad

The file 84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 22:57

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 22:57

Reported

2024-04-07 22:59

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1956 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe
PID 1956 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe
PID 1956 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe
PID 1956 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe
PID 2648 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe
PID 2648 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe
PID 2648 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe
PID 2648 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe

Processes

C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe

"C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe"

C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe

"C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe"

C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe

"C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe"

Network


Files

memory/1956-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\german cumshot cum [milf] .mpeg.exe

MD5 95e60b6fd1586b25881bd83dc3ff3f04
SHA1 6324efecde9c885f89d99793b93f53e23cc3b2cd
SHA256 c9d8ead07a9b871563eef6bdbc7c769241a13ad38ed09e41732e8dab77f15fd2
SHA512 9068f2488df11ecd05d59c85f49ae5b98c93602b9c1d520c37203fee482ef020b2222322c6c7350e68d840f7f3eebe10b1241502add538e9abf8f90070bc0e74

memory/1956-61-0x0000000005130000-0x000000000514F000-memory.dmp

memory/2648-62-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2648-86-0x0000000004CD0000-0x0000000004CEF000-memory.dmp

memory/2832-87-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1956-103-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1956-105-0x0000000005130000-0x000000000514F000-memory.dmp

memory/2648-106-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2648-108-0x0000000004CD0000-0x0000000004CEF000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 22:57

Reported

2024-04-07 22:59

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american horse lingerie [milf] hole shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\black horse fucking sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\russian nude gay full movie bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black horse lesbian lesbian glans high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\italian handjob horse [milf] redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\kicking horse licking YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american cumshot hardcore [bangbus] glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\italian nude sperm hot (!) (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian handjob blowjob uncut feet 40+ (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\System32\DriverStore\Temp\sperm masturbation hole (Sonja,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\lesbian [bangbus] granny .zip.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\beast voyeur penetration (Ashley,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\gay full movie hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\japanese cum fucking voyeur bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\lesbian [free] .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\indian nude trambling licking balls (Sonja,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\Common Files\microsoft shared\lesbian lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian big hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian cum bukkake hidden hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\kicking bukkake girls feet hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\sperm hot (!) leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\dotnet\shared\tyrkish nude fucking public feet penetration (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\lingerie [milf] cock .rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish nude trambling hidden hole penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish kicking bukkake hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian cumshot gay [free] hole beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american gang bang beast public cock sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\danish cumshot gay lesbian cock sm .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files (x86)\Google\Temp\horse big .rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black kicking lesbian public .mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\blowjob public (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\danish fetish gay big titts high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\indian kicking lesbian big ash .rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian nude trambling [free] traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\french gay girls titts YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\black fetish sperm masturbation titts upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\danish handjob horse big sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\german fucking [bangbus] cock latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\CbsTemp\italian action lesbian uncut granny (Sonja,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\american cum bukkake sleeping high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\norwegian horse masturbation granny (Britney,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\horse hidden cock balls (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\german sperm [free] glans (Britney,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\xxx catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\porn horse catfight balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\cumshot xxx [free] leather (Sonja,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\asian fucking several models balls (Sonja,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\cum lingerie [milf] sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\cum beast sleeping bedroom (Britney,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\spanish bukkake [free] cock 50+ (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\african fucking voyeur sm .rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\assembly\temp\russian gang bang beast licking hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tyrkish handjob bukkake licking glans (Kathrin,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\bukkake voyeur feet ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\norwegian sperm sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\spanish trambling lesbian feet wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\hardcore several models shower (Britney,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\spanish sperm [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\lesbian masturbation cock .avi.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\porn sperm girls (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\gay [free] hole ash (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay catfight hole stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\british blowjob public (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\canadian gay uncut (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe
PID 3596 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe

Processes

C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe

"C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe"

C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe

"C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe"

C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe

"C:\Users\Admin\AppData\Local\Temp\84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac.exe"

Network

Country Destination Domain Proto

Files

memory/2044-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian big hotel .rar.exe

MD5 60e2a23d1b8033ba97b275c4d4ca47e9
SHA1 c0742c1f7b2ba5f4f64eb6aff9d3431f6253708e
SHA256 88e168435dbb98016844ca1746f5b7da0c524dbcf0a2b2273539b4ff88806d3c
SHA512 94d132298d2c2b02bde3a2c16ca7503dea5d8b3b2b859b6b052809a26ad2e87ea79aecac1fa1b7982dffc6e56d64e12a84cbb889d4b96ff36cf009206d4ae03a

memory/3596-38-0x0000000000400000-0x000000000041F000-memory.dmp

memory/920-163-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2044-190-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3596-191-0x0000000000400000-0x000000000041F000-memory.dmp

memory/920-193-0x0000000000400000-0x000000000041F000-memory.dmp