Malware Analysis Report

2024-11-30 02:48

Sample ID: 240407-wvfhpaba83
Target: 048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e
SHA256: 048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e
Tags: upx persistence spyware stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e

Threat Level: Known bad

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 18:14

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 18:14

Reported

2024-04-07 18:16

Platform

win7-20240319-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
(21 hits; no description, indicator, process or target details were captured for any of them)

UPX dump on OEP (original entry point)

Description Indicator Process Target
(23 hits; no description, indicator, process or target details were captured for any of them)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
(23 hits; no description, indicator, process or target details were captured for any of them)

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
Target: N/A

Enumerates connected drives

Process (all rows): C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
Target (all rows): N/A

Description             Indicator
File opened (read-only) \??\M:
File opened (read-only) \??\P:
File opened (read-only) \??\R:
File opened (read-only) \??\U:
File opened (read-only) \??\A:
File opened (read-only) \??\H:
File opened (read-only) \??\K:
File opened (read-only) \??\L:
File opened (read-only) \??\W:
File opened (read-only) \??\Y:
File opened (read-only) \??\O:
File opened (read-only) \??\Q:
File opened (read-only) \??\S:
File opened (read-only) \??\Z:
File opened (read-only) \??\B:
File opened (read-only) \??\I:
File opened (read-only) \??\J:
File opened (read-only) \??\N:
File opened (read-only) \??\E:
File opened (read-only) \??\X:
File opened (read-only) \??\G:
File opened (read-only) \??\T:
File opened (read-only) \??\V:

Drops file in System32 directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
Target (all rows): N/A

Description  Indicator
File created C:\Windows\SysWOW64\IME\shared\malaysia nude [milf] fishy .zip.exe
File created C:\Windows\SysWOW64\config\systemprofile\fucking cum girls stockings .mpg.exe
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black blowjob masturbation hole (Sonja,Jenna).rar.exe
File created C:\Windows\System32\DriverStore\Temp\danish beast animal sleeping vagina (Sylvia,Anniston).zip.exe
File created C:\Windows\SysWOW64\config\systemprofile\beast nude hidden cock .zip.exe
File created C:\Windows\SysWOW64\FxsTmp\fetish xxx several models (Tatjana).mpg.exe
File created C:\Windows\SysWOW64\FxsTmp\beastiality catfight girly (Curtney,Melissa).rar.exe
File created C:\Windows\SysWOW64\IME\shared\horse cumshot full movie titts redhair .mpg.exe
File created C:\Windows\System32\LogFiles\Fax\Incoming\lesbian porn catfight high heels .mpeg.exe
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\british hardcore blowjob licking stockings (Christine,Christine).mpg.exe

Drops file in Program Files directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
Target (all rows): N/A

Description  Indicator
File created C:\Program Files\Common Files\Microsoft Shared\french lingerie hardcore [free] fishy .zip.exe
File created C:\Program Files\Windows Journal\Templates\nude fucking [free] (Sandy,Karin).avi.exe
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian nude beast voyeur .zip.exe
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\american horse horse voyeur (Samantha,Ashley).rar.exe
File created C:\Program Files\DVD Maker\Shared\danish blowjob sleeping .mpeg.exe
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian porn sleeping ash castration (Ashley,Anniston).zip.exe
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian gay gay lesbian stockings (Janette).zip.exe
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\porn sperm [milf] YEâPSè& (Britney).mpg.exe
File created C:\Program Files\Windows Sidebar\Shared Gadgets\russian nude cumshot voyeur bondage .zip.exe
File created C:\Program Files (x86)\Google\Update\Download\italian trambling [bangbus] swallow .rar.exe
File created C:\Program Files (x86)\Common Files\microsoft shared\gay sleeping swallow .mpg.exe
File created C:\Program Files (x86)\Google\Temp\brasilian horse sperm [free] cock .zip.exe
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\xxx gang bang girls (Kathrin).mpg.exe
File created C:\Program Files (x86)\Microsoft Office\Templates\brasilian horse trambling sleeping redhair (Sonja).mpg.exe
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish porn uncut .rar.exe

Drops file in Windows directory

Process (all rows): C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
Target (all rows): N/A

Description  Indicator
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\spanish action animal voyeur vagina (Melissa,Melissa).rar.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\british lingerie voyeur high heels .mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\spanish kicking hardcore girls femdom .rar.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\cum cum licking .rar.exe
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\gay public femdom .rar.exe
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\nude hardcore [bangbus] (Liz,Sonja).mpeg.exe
File created C:\Windows\assembly\tmp\japanese cumshot blowjob [free] shower (Sarah,Jenna).zip.exe
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\german handjob masturbation nipples hotel .zip.exe
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\german lingerie sperm hidden bedroom .zip.exe
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\porn several models (Karin,Samantha).zip.exe
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\beast hardcore big (Melissa,Sylvia).mpeg.exe
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\porn gang bang masturbation feet stockings .zip.exe
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\british porn big ejaculation (Karin,Karin).avi.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\african trambling voyeur cock (Tatjana,Samantha).mpg.exe
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\trambling lingerie hot (!) ash mistress (Janette).avi.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\russian fucking voyeur sweet .rar.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\beastiality action [bangbus] gorgeoushorny (Sonja).mpg.exe
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\action lesbian ash (Ashley,Kathrin).mpg.exe
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\cum hidden nipples mistress (Melissa).zip.exe
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fetish cum uncut hole .avi.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\xxx lesbian (Sarah,Janette).mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\american gay full movie pregnant .mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\japanese beast hot (!) swallow .avi.exe
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\german gang bang full movie .avi.exe
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\bukkake public Ôë .zip.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\lingerie big redhair .mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\japanese beast several models sweet (Liz,Kathrin).mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\beast sleeping blondie (Kathrin,Sylvia).mpeg.exe
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\african sperm action full movie .zip.exe
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian action hidden sm .avi.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\malaysia gay blowjob voyeur cock redhair .zip.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\spanish cumshot masturbation glans leather .avi.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\bukkake uncut bondage .mpg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\xxx several models (Sandy).mpg.exe
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\action masturbation balls (Sarah,Jenna).zip.exe
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\horse uncut (Sarah).rar.exe
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\norwegian cumshot sleeping hotel .zip.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\japanese cum fetish public legs leather .zip.exe
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\african kicking lesbian .zip.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\canadian bukkake beastiality full movie titts ìï .mpeg.exe
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\british fetish full movie cock .avi.exe
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\spanish cum horse public lady .mpeg.exe
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\chinese bukkake [milf] .mpeg.exe
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian lesbian public boobs ejaculation .mpg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\tyrkish lingerie girls girly .rar.exe
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\cum horse hot (!) (Samantha,Anniston).mpeg.exe
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\swedish fucking beastiality [bangbus] (Jade).rar.exe
File created C:\Windows\ServiceProfiles\LocalService\Downloads\trambling uncut YEâPSè& .zip.exe
File created C:\Windows\SoftwareDistribution\Download\african horse kicking full movie (Liz).zip.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\black beastiality fetish hidden titts .mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\british bukkake public .mpeg.exe
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fetish licking boobs hairy .mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\hardcore animal [free] .mpg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\beast girls .mpeg.exe
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\german horse kicking masturbation (Samantha,Christine).avi.exe
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\horse public (Karin).mpeg.exe
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\fucking gang bang uncut (Kathrin,Sonja).zip.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\lesbian full movie .zip.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\beast gang bang full movie .mpg.exe
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\brasilian horse nude voyeur pregnant (Britney).mpg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\german gay masturbation swallow .mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\swedish porn voyeur .mpeg.exe
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\german beastiality nude [free] (Jenna,Sarah).avi.exe
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\spanish cumshot hidden ash bondage .rar.exe

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
(36 hits; Process for every row: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe; Description, Indicator and Target not captured)
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1068 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 1068 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 1068 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 1068 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 2580 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 2580 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 2580 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 2580 wrote to memory of 2416 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 1068 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 1068 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 1068 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 1068 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

Processes

C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 234.158.23.96.in-addr.arpa udp
US 8.8.8.8:53 50.36.29.15.in-addr.arpa udp
US 8.8.8.8:53 65.85.183.67.in-addr.arpa udp
US 8.8.8.8:53 241.249.22.160.in-addr.arpa udp
US 8.8.8.8:53 15.93.84.125.in-addr.arpa udp
US 8.8.8.8:53 183.79.241.104.in-addr.arpa udp
US 8.8.8.8:53 216.21.18.78.in-addr.arpa udp
US 8.8.8.8:53 204.6.38.58.in-addr.arpa udp
US 8.8.8.8:53 170.117.134.248.in-addr.arpa udp
US 8.8.8.8:53 113.203.186.155.in-addr.arpa udp
US 8.8.8.8:53 226.123.38.251.in-addr.arpa udp
US 8.8.8.8:53 83.218.170.60.in-addr.arpa udp
US 8.8.8.8:53 239.197.157.131.in-addr.arpa udp
US 8.8.8.8:53 58.115.139.245.in-addr.arpa udp
US 8.8.8.8:53 8.1.160.190.in-addr.arpa udp
US 8.8.8.8:53 20.206.60.246.in-addr.arpa udp
US 8.8.8.8:53 219.188.97.244.in-addr.arpa udp
US 8.8.8.8:53 146.26.198.28.in-addr.arpa udp
US 8.8.8.8:53 180.228.163.143.in-addr.arpa udp
US 8.8.8.8:53 64.145.59.138.in-addr.arpa udp

Files

memory/1068-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\russian nude cumshot voyeur bondage .zip.exe

MD5 b8995611a7dda64d23465daeac22db8a
SHA1 80ec4391be1f4e36839c9a0c863871f11252b1de
SHA256 a63d8385bf3e57919fbff19d2ba4e43461f63915b798bd135878deaab4920cfb
SHA512 9dee4ce7d58d939ad13fb0174a16e8f8391628a7d17a924a2e1b7d744c99814e4c722c7c31cee36d86b7f8dd99501a54ab166e86e2e66ffbd2d5a3d488cbd6c1

memory/1068-16-0x0000000004A30000-0x0000000004A4E000-memory.dmp

memory/2580-17-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2580-54-0x00000000045C0000-0x00000000045DE000-memory.dmp

memory/2416-55-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2976-56-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-89-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2580-90-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2416-91-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2976-92-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-93-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-94-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-96-0x0000000004A30000-0x0000000004A4E000-memory.dmp

memory/2580-97-0x00000000045C0000-0x00000000045DE000-memory.dmp

memory/1068-101-0x0000000004FF0000-0x000000000500E000-memory.dmp

memory/1068-102-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-116-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-120-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-124-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-128-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-132-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-138-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-142-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-146-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-150-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-154-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1068-158-0x0000000000400000-0x000000000041E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 18:14

Reported

2024-04-07 18:16

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\LogFiles\Fax\Incoming\danish gang bang lingerie hot (!) hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian fetish blowjob girls hole mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian gang bang blowjob girls hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\trambling uncut cock femdom (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian porn hardcore hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian cumshot trambling [milf] bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\System32\DriverStore\Temp\italian horse blowjob hidden titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lingerie masturbation cock hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese kicking beast uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\swedish gang bang sperm big castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\sperm hot (!) (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\brasilian kicking gay hot (!) castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian cum xxx hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish fetish trambling catfight hole (Britney,Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian gang bang xxx big sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\tyrkish porn sperm hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian animal xxx [free] titts .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\horse [free] boots .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\italian animal trambling big hole .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\hardcore public hole castration (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish porn fucking full movie 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\black nude xxx hot (!) titts stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian fetish trambling [free] 50+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\hardcore lesbian (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake masturbation (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\bukkake several models hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files (x86)\Google\Temp\tyrkish fetish hardcore sleeping glans upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\Common Files\microsoft shared\brasilian fetish horse voyeur feet leather .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\dotnet\shared\black fetish horse girls ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\japanese porn fucking licking (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\indian gang bang horse masturbation boots .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\canadian sperm voyeur ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian cumshot hardcore uncut (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\german sperm masturbation feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\japanese porn fucking full movie circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\asian blowjob girls granny .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\chinese gay lesbian 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\InstallTemp\beast [milf] feet wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\canadian horse masturbation cock .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\japanese beastiality gay big cock .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\indian kicking xxx full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\french lesbian masturbation cock girly (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\animal beast voyeur circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\chinese lesbian hidden cock leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\blowjob sleeping cock .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\danish handjob hardcore several models fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\canadian fucking [free] high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\cum gay several models titts sm (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\cumshot beast voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\horse licking hole .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\action beast several models .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\malaysia fucking masturbation (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\italian porn beast hidden (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\fetish gay sleeping mature (Sonja,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beast big feet .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\beast girls feet lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\swedish nude sperm [free] cock gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\gang bang bukkake licking gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\black horse hardcore masturbation feet bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\CbsTemp\tyrkish porn lesbian hidden hole sweet (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\indian cum bukkake lesbian feet .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\Temp\russian handjob lingerie hot (!) swallow (Britney,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\sperm masturbation feet ejaculation (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\german bukkake licking upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\cum beast masturbation (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\japanese cum xxx several models glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\french gay catfight feet shoes (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\cumshot xxx masturbation leather .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\malaysia xxx big .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\canadian fucking [free] titts boots (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\lingerie [bangbus] feet lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\swedish cumshot lesbian licking ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\malaysia beast [milf] feet blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\porn blowjob hot (!) bedroom (Jenna,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\chinese xxx masturbation swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\cumshot horse public hole Ôï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\black gang bang sperm catfight wifey (Britney,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\russian gang bang gay [free] traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\xxx full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\norwegian trambling sleeping hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish kicking beast full movie hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lingerie voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\blowjob catfight sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\porn xxx girls glans circumcision (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\asian hardcore licking bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\gay big girly .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\italian animal bukkake [bangbus] feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\canadian fucking girls sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\gang bang bukkake hidden feet (Kathrin,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\PLA\Templates\russian beastiality bukkake girls titts .rar.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\asian xxx hidden hole bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\cum blowjob [free] (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lingerie girls YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\american fetish xxx catfight 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
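Every row in the list above follows one pattern: a media or archive file name with a trailing .exe (".avi.exe", ".rar.exe", ".zip.exe", ".mpeg.exe") written into directories no user browses by hand (the WinSxS component store, CbsTemp, the .NET GAC, service-profile Temp folders, PLA templates). The script below is an added example written for this page, not the sandbox's own signature logic: it parses rows in the report's "File created" format, flags double-extension lures, and summarises which disguises are used and where the files land. Five of the embedded rows are copied from the table above; the sixth is a constructed benign row. The extension list and the SYSTEM_PREFIXES tuple are the editor's assumptions about what counts as a lure and a system location.

```python
"""Flag double-extension lure files in 'File created' rows of a sandbox report.

Added example for this page: the parsing and the lure rules are the
editor's, not the sandbox's signature logic.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

# Constructed input: five rows copied from the report's "File created" table,
# plus one made-up benign row so the filter has something to leave alone.
REPORT_ROWS = [
    rf"File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\beast big feet .zip.exe {SAMPLE} N/A",
    rf"File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\xxx full movie .avi.exe {SAMPLE} N/A",
    rf"File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lingerie voyeur .rar.exe {SAMPLE} N/A",
    rf"File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\gay big girly .avi.exe {SAMPLE} N/A",
    rf"File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\lingerie [bangbus] feet lady .mpg.exe {SAMPLE} N/A",
    # control row (constructed, not from the report): single extension, user temp dir
    r"File created C:\Users\Admin\AppData\Local\Temp\setup.log C:\Users\Admin\AppData\Local\Temp\installer.exe N/A",
]

ROW_RE = re.compile(r"^File created (?P<rest>.+) (?P<target>\S+)$")
# Inner extension of a "media-or-archive.exe" lure. Assumed list; extend as needed.
LURE_EXT_RE = re.compile(
    r"\.(avi|mpe?g|mp4|wmv|mkv|zip|rar|7z|jpe?g|png|gif|pdf|docx?|xlsx?)\.exe$", re.I
)
# Assumed set of locations where a normal program never drops its own executables.
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files", "c:\\programdata\\")


def parse_row(row):
    """Split one 'File created' row into (dropped_path, creating_process, target)."""
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"not a 'File created' row: {row!r}")
    # Both paths are absolute, so the only " X:\" boundary inside the remainder
    # is the gap between the dropped file and the creating process.
    parts = re.split(r" (?=[A-Za-z]:\\)", m.group("rest"))
    if len(parts) != 2:
        raise ValueError(f"could not separate the two paths in: {row!r}")
    return parts[0], parts[1], m.group("target")


def classify(dropped):
    """Describe why a dropped path looks like a lure, or return None if it does not."""
    m = LURE_EXT_RE.search(PureWindowsPath(dropped).name)
    if not m:
        return None
    return {
        "path": dropped,
        "disguised_as": m.group(1).lower(),
        "in_system_dir": dropped.lower().startswith(SYSTEM_PREFIXES),
    }


def find_lures(rows):
    """Run classify() over every row; keep the hits and record who created them."""
    hits = []
    for row in rows:
        dropped, creator, _target = parse_row(row)
        hit = classify(dropped)
        if hit:
            hit["creator"] = creator
            hits.append(hit)
    return hits


def summarize(hits):
    """Count disguises and drop roots (drive plus two directory levels) for triage."""
    by_ext = Counter(h["disguised_as"] for h in hits)
    by_root = Counter("\\".join(h["path"].split("\\")[:3]) for h in hits)
    return by_ext, by_root


if __name__ == "__main__":
    found = find_lures(REPORT_ROWS)
    for h in found:
        print(f"[{'SYSTEM' if h['in_system_dir'] else 'user'}] .{h['disguised_as']}.exe  {h['path']}")
    ext_counts, root_counts = summarize(found)
    print("disguises:", dict(ext_counts))
    print("drop roots:", dict(root_counts))
```

Run as is, it prints the five report rows with a SYSTEM flag and leaves the control row alone. To apply it to the whole report, feed every "File created" line to find_lures(); any hit under C:\Windows\WinSxS deserves a closer look, because the component store is maintained by the servicing stack and normal software does not place its own executables there.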

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe N/A
(64 identical hits from this one process; the report lists each enumeration event as a separate row)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4260 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 4260 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 4260 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 4260 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 4260 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 4260 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 3300 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 3300 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
PID 3300 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
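The nine rows above are three write events for each of three writer/target pairs (4260 into 3300, 4260 into 1748, 3300 into 2772), and every process involved is a copy of the same image. The snippet below is an added example, not part of the report: it rebuilds the process chain from rows in this "PID X wrote to memory of Y" format, counts the write events per edge, and reports the root and the chain depth. The nine input rows are the first column of the table above. The tree treats the writer as the parent, which holds when the writes accompany process creation, the usual case for a program spawning copies of itself; a write into an unrelated, already-running process would also show up as an edge, so confirm the picture against the Processes list.

```python
"""Rebuild a process chain from 'PID X wrote to memory of Y' rows.

Added example; not part of the sandbox report. Input is the first column of
the WriteProcessMemory table above, copied as-is.
"""
import re
from collections import Counter, defaultdict

WPM_ROWS = [
    "PID 4260 wrote to memory of 3300",
    "PID 4260 wrote to memory of 3300",
    "PID 4260 wrote to memory of 3300",
    "PID 4260 wrote to memory of 1748",
    "PID 4260 wrote to memory of 1748",
    "PID 4260 wrote to memory of 1748",
    "PID 3300 wrote to memory of 2772",
    "PID 3300 wrote to memory of 2772",
    "PID 3300 wrote to memory of 2772",
]

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)$")


def parse_edges(rows):
    """Return Counter {(writer_pid, target_pid): number of write events}."""
    edges = Counter()
    for row in rows:
        m = WPM_RE.match(row.strip())
        if not m:
            raise ValueError(f"unexpected row: {row!r}")
        edges[(int(m.group(1)), int(m.group(2)))] += 1
    return edges


def build_tree(edges):
    """Map each writer to the set of processes it wrote into."""
    children = defaultdict(set)
    for writer, target in edges:
        children[writer].add(target)
    return dict(children)


def roots(edges):
    """Writers that nobody wrote into: the top of each chain."""
    writers = {w for w, _ in edges}
    targets = {t for _, t in edges}
    return sorted(writers - targets)


def depth(tree, pid):
    """Longest chain of writes below pid (0 for a leaf)."""
    kids = tree.get(pid, ())
    return 0 if not kids else 1 + max(depth(tree, k) for k in kids)


def render(tree, edges, pid, indent=0):
    """Indented text view, one line per process, with the write count per edge."""
    lines = [" " * indent + str(pid)]
    for kid in sorted(tree.get(pid, ())):
        lines.append(" " * indent + f"  +-- {kid}  ({edges[(pid, kid)]} write events)")
        lines.extend(render(tree, edges, kid, indent + 6)[1:])
    return lines


if __name__ == "__main__":
    e = parse_edges(WPM_ROWS)
    t = build_tree(e)
    for r in roots(e):
        print("\n".join(render(t, e, r)))
        print(f"chain depth below {r}: {depth(t, r)}")
```

The Files section of this analysis lists a dump of the same 0x400000-0x41E000 region for each of the four PIDs (4260, 3300, 1748, 2772), which is consistent with every child being another instance of the same unpacked image rather than a different injected payload; that reading comes from the dump names, not from the tree itself.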

Processes

C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe

"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 188.31.202.11.in-addr.arpa udp
US 8.8.8.8:53 97.47.18.107.in-addr.arpa udp
US 8.8.8.8:53 155.117.68.217.in-addr.arpa udp
US 8.8.8.8:53 45.55.165.180.in-addr.arpa udp
US 8.8.8.8:53 224.92.115.236.in-addr.arpa udp
US 8.8.8.8:53 5.84.215.174.in-addr.arpa udp
US 8.8.8.8:53 217.64.226.22.in-addr.arpa udp
US 8.8.8.8:53 216.12.205.224.in-addr.arpa udp
US 8.8.8.8:53 235.133.226.111.in-addr.arpa udp
US 8.8.8.8:53 193.144.4.36.in-addr.arpa udp
US 8.8.8.8:53 180.206.134.97.in-addr.arpa udp
US 8.8.8.8:53 128.68.19.230.in-addr.arpa udp
US 8.8.8.8:53 68.66.160.161.in-addr.arpa udp
US 8.8.8.8:53 60.107.7.132.in-addr.arpa udp
US 8.8.8.8:53 75.72.209.30.in-addr.arpa udp
US 8.8.8.8:53 173.96.6.161.in-addr.arpa udp
US 8.8.8.8:53 2.39.84.213.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 166.66.143.149.in-addr.arpa udp
US 8.8.8.8:53 101.69.178.210.in-addr.arpa udp
US 8.8.8.8:53 61.78.230.191.in-addr.arpa udp
US 8.8.8.8:53 237.219.242.171.in-addr.arpa udp
US 8.8.8.8:53 3.59.148.207.in-addr.arpa udp
US 8.8.8.8:53 48.163.104.249.in-addr.arpa udp
US 8.8.8.8:53 130.189.45.215.in-addr.arpa udp
US 8.8.8.8:53 197.165.226.180.in-addr.arpa udp
US 8.8.8.8:53 224.21.225.208.in-addr.arpa udp
US 8.8.8.8:53 137.62.217.15.in-addr.arpa udp
US 8.8.8.8:53 211.200.17.110.in-addr.arpa udp
US 8.8.8.8:53 73.16.241.97.in-addr.arpa udp
US 8.8.8.8:53 176.226.51.1.in-addr.arpa udp
US 8.8.8.8:53 187.217.65.190.in-addr.arpa udp
US 8.8.8.8:53 77.95.179.186.in-addr.arpa udp
US 8.8.8.8:53 223.78.107.238.in-addr.arpa udp
US 8.8.8.8:53 234.44.205.40.in-addr.arpa udp
US 8.8.8.8:53 237.234.192.221.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 29.61.32.186.in-addr.arpa udp
US 8.8.8.8:53 57.20.128.108.in-addr.arpa udp
US 8.8.8.8:53 196.74.6.22.in-addr.arpa udp
US 8.8.8.8:53 238.92.104.51.in-addr.arpa udp
US 8.8.8.8:53 230.155.178.188.in-addr.arpa udp
US 8.8.8.8:53 10.195.219.201.in-addr.arpa udp
US 8.8.8.8:53 169.179.104.23.in-addr.arpa udp
US 8.8.8.8:53 73.136.35.84.in-addr.arpa udp
US 8.8.8.8:53 45.109.200.121.in-addr.arpa udp
US 8.8.8.8:53 12.21.144.148.in-addr.arpa udp
US 8.8.8.8:53 20.32.116.19.in-addr.arpa udp
US 8.8.8.8:53 135.28.173.99.in-addr.arpa udp
US 8.8.8.8:53 60.161.87.138.in-addr.arpa udp
US 8.8.8.8:53 69.172.137.7.in-addr.arpa udp
US 8.8.8.8:53 83.219.98.96.in-addr.arpa udp
US 8.8.8.8:53 255.32.194.38.in-addr.arpa udp
US 8.8.8.8:53 209.220.214.239.in-addr.arpa udp
US 8.8.8.8:53 140.202.153.118.in-addr.arpa udp
US 8.8.8.8:53 19.17.8.8.in-addr.arpa udp
US 8.8.8.8:53 182.188.11.252.in-addr.arpa udp
US 8.8.8.8:53 104.115.19.188.in-addr.arpa udp
US 8.8.8.8:53 150.44.54.68.in-addr.arpa udp
US 8.8.8.8:53 198.202.28.136.in-addr.arpa udp
US 8.8.8.8:53 105.104.249.216.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp
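Every row in the table above is a PTR lookup (a name under in-addr.arpa) sent to 8.8.8.8 over UDP; no forward lookups and no non-DNS connections are listed for this detonation. The script below is an added example, not taken from the report: it reverses such names back to the addresses they describe and sorts them into private, public and reserved, which is the first step before comparing them with a baseline detonation of a harmless file on the same platform. PTR lookups are also generated by the operating system itself, so a recovered address is a lead, not evidence of command and control, until it appears only with this sample. Six of the queries embedded below are copied from the Domain column; the last two are constructed controls.

```python
"""Recover IPv4 addresses from the PTR (reverse-DNS) queries in a Network table.

Added example; not part of the sandbox report. The entries marked 'copied'
come from the Domain column above; the last two are constructed.
"""
import ipaddress

PTR_QUERIES = [
    "240.197.17.2.in-addr.arpa",     # copied from the report
    "104.219.191.52.in-addr.arpa",   # copied
    "68.159.190.20.in-addr.arpa",    # copied
    "19.17.8.8.in-addr.arpa",        # copied
    "10.195.219.201.in-addr.arpa",   # copied
    "249.197.17.2.in-addr.arpa",     # copied
    "1.0.168.192.in-addr.arpa",      # constructed: 192.168.0.1, RFC 1918
    "example.com",                   # constructed: forward lookup, must be skipped
]

SUFFIX = ".in-addr.arpa"


def ptr_to_ipv4(name):
    """Turn a PTR owner name back into the dotted quad it describes, or None."""
    if not name.lower().endswith(SUFFIX):
        return None
    labels = name[: -len(SUFFIX)].split(".")
    if len(labels) != 4:
        return None  # a zone or classless delegation, not a single host
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def recover_targets(queries):
    """Map every recoverable address to 'private', 'public' or 'reserved'."""
    out = {}
    for q in queries:
        ip = ptr_to_ipv4(q)
        if ip is None:
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_private:
            out[ip] = "private"
        elif addr.is_global:
            out[ip] = "public"
        else:
            out[ip] = "reserved"
    return out


def public_targets(queries):
    """Sorted routable addresses: the candidates worth a baseline comparison."""
    return sorted(ip for ip, cat in recover_targets(queries).items() if cat == "public")


if __name__ == "__main__":
    for ip, cat in recover_targets(PTR_QUERIES).items():
        print(f"{ip:<16} {cat}")
    print("public:", public_targets(PTR_QUERIES))
```

Feed the whole Domain column to public_targets() to get the watchlist for this sample; anything in that list that also appears in the baseline run is operating-system noise and can be dropped before the addresses go into a hunting query.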

Files

memory/4260-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\hardcore lesbian (Jade).mpg.exe

MD5 a9b5aae0e05b4bf14045564fa7169cc4
SHA1 3fb2c15989a1a7dca89db3cf81c6a2df1e4c7d59
SHA256 8dcebe7c7d277bb4e1d21a99a740b230bc1382be230692d6a866f7fdb7fb602f
SHA512 cde422fdc0c080c0e00ddc7585f783c81ccb69a4bd21b9f5fbb3f2b077f93fda564c337453d972fb1341c45e6b893915f456a6b7e3605bea78a03c3abc2fa741

memory/4260-184-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3300-185-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2772-187-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1748-186-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-188-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-189-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-196-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-206-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-210-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-215-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-219-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-223-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-227-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-231-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-235-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-239-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-243-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4260-247-0x0000000000400000-0x000000000041E000-memory.dmp