Malware Analysis Report

2024-11-15 06:06

Sample ID 240407-x468facb7s
Target 249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1
SHA256 249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1
Tags
persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1

Threat Level: Known bad

The file 249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:25

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:25

Reported

2024-04-07 19:28

Platform

win7-20240221-en

Max time kernel

149s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\american lesbian lesbian latex .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\System32\DriverStore\Temp\nude blowjob voyeur redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\fetish hardcore [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\cumshot hot (!) sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\chinese kicking hot (!) (Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\IME\shared\canadian cumshot xxx [milf] (Gina,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian nude public .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\IME\shared\hardcore [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\british kicking girls ash high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\african gay action hot (!) glans hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\chinese action cumshot lesbian fishy (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\asian fucking xxx public balls .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian porn [bangbus] glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\norwegian horse licking ¤ã .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Google\Temp\asian nude masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\danish lingerie kicking uncut vagina .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\porn public redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\cumshot full movie (Karin,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Windows Journal\Templates\fucking xxx girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian horse blowjob hidden glans 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\chinese fetish action sleeping cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\DVD Maker\Shared\blowjob handjob hidden ash swallow (Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\tyrkish beastiality licking hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish beast porn public (Kathrin,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse [free] ash .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\temp\italian porn cum catfight circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\bukkake porn hidden hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\trambling public gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\gay porn [free] castration .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\british gay [free] feet upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian sperm lesbian penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\fetish xxx hot (!) cock mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\beast lesbian castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\Downloaded Program Files\chinese trambling [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\gang bang public .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\tyrkish sperm masturbation 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\italian blowjob licking feet ìï .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\cum [bangbus] penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\beastiality licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\african handjob horse sleeping circumcision (Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\tyrkish bukkake licking black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\xxx uncut legs .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\tyrkish action beast public glans ash (Tatjana,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\blowjob [free] (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese gang bang gay catfight stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese blowjob girls hole boots (Sonja,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\tyrkish beast beastiality [free] sm (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\danish cumshot porn public 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\chinese handjob licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\gay horse [milf] redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\fetish sleeping vagina .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese nude several models shower (Anniston,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\trambling uncut glans bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\danish horse nude hot (!) mature (Jenna,Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\brasilian lingerie bukkake sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\indian handjob blowjob [bangbus] beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish hardcore public titts .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia horse licking ash traffic (Liz,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian cum girls nipples gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\kicking big (Samantha,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\Temp\cum beastiality sleeping black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SoftwareDistribution\Download\cum sleeping ash .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\horse beastiality catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\swedish trambling hot (!) bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\russian beastiality hot (!) lady (Jenna,Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\cumshot cum public (Jade,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\sperm several models cock redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\british cumshot [free] glans (Sylvia,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\blowjob lesbian [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\blowjob gay hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\xxx [bangbus] balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\blowjob horse uncut boobs bedroom .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\xxx licking 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\tmp\french trambling uncut traffic (Sylvia,Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\PLA\Templates\nude uncut mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\tyrkish horse gang bang big circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\blowjob handjob full movie pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\swedish trambling action sleeping nipples (Liz,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\german hardcore hot (!) (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\beastiality horse catfight ash .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\horse uncut young .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\horse full movie glans hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\fetish licking vagina girly (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\xxx uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\handjob handjob hot (!) (Christine,Christine).mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\sperm uncut hole .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\german porn sperm full movie mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\african xxx lesbian ash .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
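Read together, the signatures above describe one behaviour: the sample writes a Run value (mssrv32) pointing at C:\Windows\mssrv.exe, drops that same binary into the Windows directory, probes every drive letter from A: to Z:, and seeds system, Program Files, winsxs and service-profile folders with executables that carry a media or archive extension in front of .exe. The Python below is a worked example added here; it is not part of the sandbox report. It parses rows in the report's flattened "Description Indicator Process Target" layout and pulls those three indicators out: Run/RunOnce targets (flagging binaries placed directly in C:\Windows, ProgramData, Public, or under Temp/AppData), the set of drive letters probed, and double-extension lures, then cross-references the autorun target against the dropped files. The sample rows are constructed (shortened paths, sanitised lure names, a "sample.exe" process name); SUSPECT_DIRS and LURE_RE are my own heuristics, not signatures the sandbox uses.

```python
import ntpath
import re

# Constructed sample rows in this report's flattened
# "Description Indicator Process Target" layout. Paths are shortened and the
# lure filenames are sanitised stand-ins for the ones in the report.
SAMPLE_ROWS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\full movie [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Program Files\Windows Journal\Templates\free movie (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Windows\winsxs\Temp\public (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
File created C:\Windows\PLA\Templates\readme.txt C:\Users\Admin\AppData\Local\Temp\sample.exe N/A
"""

DESCRIPTIONS = ("Set value (str)", "File opened (read-only)", "File created")
PROCESS_SPLIT = " C:\\"          # the Process column always begins a new absolute path
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
DRIVE_RE = re.compile(r"^\\\?\?\\([A-Z]):$")
# Heuristic (mine, not the sandbox's): media/archive extension directly before .exe
LURE_RE = re.compile(r"\.(zip|rar|7z|avi|mpg|mpeg|mp4|wmv|jpg|pdf|doc)\.exe$", re.IGNORECASE)
# Heuristic (mine): autorun targets living directly in these folders deserve a look
SUSPECT_DIRS = {r"c:\windows", r"c:\programdata", r"c:\users\public"}


def parse_rows(text):
    """Split each flattened row into description, indicator and process."""
    rows = []
    for line in text.strip().splitlines():
        desc = next((d for d in DESCRIPTIONS if line.startswith(d + " ")), None)
        if desc is None:
            continue
        rest = line[len(desc) + 1:]
        if rest.endswith(" N/A"):                 # Target column, unused here
            rest = rest[:-len(" N/A")]
        # The indicator may contain spaces (lure filenames); the process path
        # is the last " C:\..." segment, so split from the right.
        indicator, sep, proc_tail = rest.rpartition(PROCESS_SPLIT)
        if not sep:
            continue
        rows.append({"description": desc, "indicator": indicator,
                     "process": "C:\\" + proc_tail})
    return rows


def run_key_targets(rows):
    """(value name, unescaped binary path) for every Run/RunOnce write."""
    found = []
    for r in rows:
        if r["description"] != "Set value (str)" or not RUN_KEY_RE.search(r["indicator"]):
            continue
        key, _, data = r["indicator"].partition(" = ")
        # The report shows REG_SZ data with doubled backslashes; collapse them.
        data = data.strip().strip('"').replace("\\\\", "\\")
        found.append((key.rsplit("\\", 1)[-1], data))
    return found


def suspicious_run_target(path):
    """True if the autorun binary sits directly in a suspect root or under Temp/AppData."""
    p = path.lower()
    return ntpath.dirname(p) in SUSPECT_DIRS or "\\temp\\" in p or "\\appdata\\" in p


def drives_probed(rows):
    """Sorted drive letters the sample opened (\\??\\X: handles)."""
    letters = set()
    for r in rows:
        m = DRIVE_RE.match(r["indicator"])
        if r["description"] == "File opened (read-only)" and m:
            letters.add(m.group(1))
    return sorted(letters)


def dropped_files(rows):
    return [r["indicator"] for r in rows if r["description"] == "File created"]


def lure_files(rows):
    """Dropped executables disguised with a media or archive extension."""
    return [p for p in dropped_files(rows) if LURE_RE.search(p)]


def summarize(rows):
    """Cross-reference autorun targets with dropped files and collect the rest."""
    run = run_key_targets(rows)
    dropped = {p.lower() for p in dropped_files(rows)}
    return {
        "run_keys": run,
        "persistence_binaries_dropped": [p for _, p in run if p.lower() in dropped],
        "suspicious_run_targets": [p for _, p in run if suspicious_run_target(p)],
        "drives_probed": drives_probed(rows),
        "lure_files": lure_files(rows),
    }


if __name__ == "__main__":
    for k, v in summarize(parse_rows(SAMPLE_ROWS)).items():
        print(f"{k}: {v}")
```

On the full report the same parser yields 22 drive letters (everything but C:, D: and F:) and a lure list covering every "File created" row except C:\Windows\mssrv.exe, which is exactly the file the Run value points at; that one cross-reference is the indicator worth putting in a host-based check, while the lure names are only useful as a pattern (double extension, trailing space before the extension, dropped into shared or template folders).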

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1460 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1460 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1460 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1460 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 2796 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 2796 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 2796 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 2796 wrote to memory of 1820 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"

C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"

C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 38.58.58.202.in-addr.arpa udp
US 8.8.8.8:53 48.239.28.211.in-addr.arpa udp
US 8.8.8.8:53 160.222.113.53.in-addr.arpa udp
US 8.8.8.8:53 61.11.132.212.in-addr.arpa udp
US 8.8.8.8:53 253.4.209.80.in-addr.arpa udp
US 8.8.8.8:53 16.251.161.230.in-addr.arpa udp
US 8.8.8.8:53 230.102.46.199.in-addr.arpa udp
US 8.8.8.8:53 56.176.245.167.in-addr.arpa udp
US 8.8.8.8:53 149.151.208.188.in-addr.arpa udp
US 8.8.8.8:53 198.200.169.210.in-addr.arpa udp
US 8.8.8.8:53 233.94.165.16.in-addr.arpa udp
US 8.8.8.8:53 130.199.235.7.in-addr.arpa udp
US 8.8.8.8:53 86.15.119.13.in-addr.arpa udp
US 8.8.8.8:53 23.83.103.197.in-addr.arpa udp
US 8.8.8.8:53 38.46.13.109.in-addr.arpa udp
US 8.8.8.8:53 135.222.133.147.in-addr.arpa udp
US 8.8.8.8:53 207.95.58.50.in-addr.arpa udp
US 8.8.8.8:53 93.83.211.254.in-addr.arpa udp
US 8.8.8.8:53 115.112.190.17.in-addr.arpa udp
US 8.8.8.8:53 111.42.65.101.in-addr.arpa udp
US 8.8.8.8:53 59.130.199.104.in-addr.arpa udp
US 8.8.8.8:53 107.204.148.136.in-addr.arpa udp
US 8.8.8.8:53 191.121.9.60.in-addr.arpa udp
US 8.8.8.8:53 76.10.86.169.in-addr.arpa udp
US 8.8.8.8:53 8.16.196.146.in-addr.arpa udp
US 8.8.8.8:53 153.8.169.174.in-addr.arpa udp

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\asian fucking xxx public balls .avi.exe

MD5 741d1d9099dc8c36202dd3b5e1308cbd
SHA1 05a9ffac1021738bfcc8f8c2bd09342153e71512
SHA256 6ed8a3827a67faa95c2fde09b845fa71f2a353c3ac1e2efdc7cabb0980d1ce12
SHA512 d1a686ea1f72bbcc4d331761be633233a7a1a942d4d596b9b7fa95e9d52e892b6804906d3a203a03d7a7913b0d05c546f835bad5e025a23a4250cc88e96505d6

C:\debug.txt

MD5 fc1b25acc90daa65f01e4e08a3e07b22
SHA1 07398d8339c9fa169ef3edbeb68d7d40fa88f791
SHA256 c2a29a6be316e922d24821946cb312f7e8c9f32993c4b8be3ef256f7880a6ab7
SHA512 4424fd956e969c485efba3175f38e8f4b1ac94c7a913bc302ba073e8de471c978f95c3c8e35c270de9f89a6c609565e45130574ad78f62ba2c2f85a38def5e0f

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:25

Reported

2024-04-07 19:28

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish kicking big feet (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\sperm public sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fetish catfight bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\fetish cum licking .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\System32\DriverStore\Temp\chinese lesbian voyeur glans shower (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lesbian girls shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\lingerie full movie hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie cum hot (!) feet latex (Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\african blowjob [milf] black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\indian kicking trambling voyeur (Karin,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian porn sperm masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\kicking handjob hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\animal gang bang [milf] black hairunshaved (Sonja,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish fucking licking blondie (Jenna,Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\british cumshot [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american action sleeping wifey (Karin,Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\american handjob animal lesbian glans femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\dotnet\shared\porn horse hot (!) girly .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\beast horse public hotel (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\russian bukkake [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\japanese sperm uncut cock YEâPSè& (Samantha,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Common Files\microsoft shared\nude cum sleeping beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\lesbian uncut boobs .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Google\Temp\spanish trambling lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\african lingerie hot (!) sweet (Sarah,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian fucking masturbation ash shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\animal horse big sm .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\malaysia cumshot masturbation ash .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fucking hardcore girls (Karin,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\black xxx horse hot (!) vagina shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\african lingerie kicking uncut glans blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\british action cumshot uncut redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\german horse uncut sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\norwegian cum blowjob voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\InputMethod\SHARED\bukkake trambling hot (!) hole .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\canadian nude beast hot (!) ash balls (Jenna,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\spanish cum xxx public castration .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\german sperm kicking several models .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\tyrkish cum gang bang [free] feet .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\swedish lingerie xxx hot (!) black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\tyrkish cum gang bang voyeur boobs (Janette,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\black lesbian sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\african lesbian cum full movie legs castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\horse big YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\japanese fucking xxx [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\spanish nude beast licking high heels (Ashley,Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\french cumshot girls sm .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\bukkake blowjob catfight stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\japanese gay beastiality big bedroom (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\italian blowjob sperm hidden feet .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\PLA\Templates\action lingerie public .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\french blowjob horse uncut (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\gay lesbian catfight YEâPSè& (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\gang bang [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\japanese fetish sperm catfight 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\lingerie blowjob full movie leather (Samantha,Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\danish hardcore beastiality full movie shower (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\tmp\black beastiality full movie vagina .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\african horse full movie castration .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\italian cumshot hidden stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\chinese nude handjob [milf] high heels (Christine).mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\cumshot handjob girls ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\action horse big granny .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\japanese xxx hidden bedroom (Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\asian porn gay uncut 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\beast hardcore voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\russian horse cumshot masturbation traffic (Kathrin,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\german fucking fucking full movie (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\indian trambling beast several models 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\japanese porn sperm masturbation feet (Britney,Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\security\templates\black kicking animal masturbation hole YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\tyrkish trambling beastiality licking high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\bukkake uncut (Gina,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\american lingerie fetish hot (!) nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\russian beast beast big feet high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\black fetish licking redhair (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\italian fucking sleeping femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish hardcore beastiality hot (!) ash (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\lingerie hot (!) bondage (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\british bukkake [free] cock mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\CbsTemp\norwegian nude catfight femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\german nude full movie nipples black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\animal fucking [free] legs upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\xxx fetish uncut YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\trambling sperm public .mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\assembly\temp\animal [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\norwegian gay kicking [free] lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\indian cum fucking licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\spanish animal full movie (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\hardcore fetish public traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\black fetish fetish lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\fucking bukkake [free] young .zip.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe N/A
(64 identical rows in the source, each a separate hit of this signature, all attributed to the same process; only the first is shown)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1692 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1692 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1692 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1692 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1692 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1692 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1760 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1760 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
PID 1760 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"

C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"

C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"

C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe

"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"
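Added example (not part of the report) that turns the "Suspicious use of WriteProcessMemory" rows and a subset of the "File created" rows above into a spawn tree and a file-drop summary. In every WriteProcessMemory row the Process and Target columns name the sample binary, so the writes are the sample launching copies of itself (1692 spawns 1760 and 2312, 1760 spawns 4172), not injection into a foreign process; the three rows per pair are separate write events, and only the distinct edges matter for the chain. The drop list is worth splitting by name: all but one drop use a media-or-archive-extension-plus-.exe lure name, and the outlier is C:\Windows\mssrv.exe, which is the path to check against the Run-key persistence the report flags. The one drop for which the Files section lists hashes has a SHA256 that differs from the sample's own, so at least that lure is not a byte-for-byte copy of the parent. The input rows below are copied from the report (six of the File created rows; the rest follow the same pattern) and embedded as constructed input.

```python
"""Parse WriteProcessMemory and File created rows from a sandbox report into
a spawn tree and a file-drop summary. The row text below is copied from the
report and embedded as constructed input; nothing is fetched or executed."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed input: the nine WriteProcessMemory rows, Process/Target columns
# omitted because both name the sample binary in every row.
WPM_ROWS = """\
PID 1692 wrote to memory of 1760
PID 1692 wrote to memory of 1760
PID 1692 wrote to memory of 1760
PID 1692 wrote to memory of 2312
PID 1692 wrote to memory of 2312
PID 1692 wrote to memory of 2312
PID 1760 wrote to memory of 4172
PID 1760 wrote to memory of 4172
PID 1760 wrote to memory of 4172
"""

# Constructed input: six of the File created rows (source/target columns omitted).
FILE_ROWS = r"""
C:\Windows\mssrv.exe
C:\Windows\assembly\temp\animal [free] .mpeg.exe
C:\Windows\CbsTemp\norwegian nude catfight femdom .avi.exe
C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\german nude full movie nipples black hairunshaved .mpeg.exe
C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\trambling sperm public .mpg.exe
C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\black fetish fetish lesbian .zip.exe
"""

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
# Lure naming used by this sample: a media/archive extension followed by .exe
LURE_RE = re.compile(r"\.(avi|mpe?g|zip|rar)\.exe$", re.IGNORECASE)


def parse_wpm(text):
    """Count write events per (writer PID, target PID) pair."""
    return Counter((int(a), int(b)) for a, b in WPM_RE.findall(text))


def process_tree(edges):
    """Return (roots, {parent: [children]}); a root is a PID that is never a target."""
    children = defaultdict(list)
    for writer, target in edges:
        children[writer].append(target)
    targets = {t for _, t in edges}
    roots = sorted({w for w, _ in edges} - targets)
    return roots, dict(children)


def render_tree(pids, children, depth=0):
    """Indented text rendering of the spawn chain, children sorted by PID."""
    out = []
    for pid in pids:
        out.append("  " * depth + str(pid))
        out.extend(render_tree(sorted(children.get(pid, [])), children, depth + 1))
    return out


def classify_drops(text):
    """Split dropped paths into lure-named files and everything else."""
    lure, other = [], []
    for line in text.strip().splitlines():
        path = PureWindowsPath(line.strip())
        (lure if LURE_RE.search(path.name) else other).append(str(path))
    return lure, other


def drops_by_dir(paths):
    """Count drops per top-level Windows subdirectory, e.g. 'Windows\\WinSxS'."""
    counts = Counter()
    for p in paths:
        parent_parts = PureWindowsPath(p).parent.parts  # ('C:\\', 'Windows', 'WinSxS', ...)
        counts["\\".join(parent_parts[1:3])] += 1
    return counts


if __name__ == "__main__":
    edges = parse_wpm(WPM_ROWS)
    roots, children = process_tree(edges)
    print("\n".join(render_tree(roots, children)))
    lure, other = classify_drops(FILE_ROWS)
    print(f"{len(lure)} lure-named drops, {len(other)} other: {other}")
    print(drops_by_dir(lure + other))
```

Run on the full File created table the same way; any drop that lands in the "other" list is a candidate persistence or payload path, while the lure list gives the directories the sample seeds (WinSxS, CbsTemp, GAC, SystemResources, Program Files), which is what a host-based sweep should cover after cleanup.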

Network

Country Destination Domain Proto
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 121.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
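Added example (not part of the report) that triages the Network table above. The table attributes no row to a process, so it mixes whatever the sample did with the guest's own traffic. Only one row is a direct connection (23.44.234.16:80 over TCP); every other row is a PTR query to 8.8.8.8, the resolver the sandbox hands the guest, for a public address written in reversed-octet in-addr.arpa form. Windows performs such reverse lookups on its own for the peers of its connections, so a PTR row is a weak indicator unless it is tied to the sample's process; converting each name back to the address it reverses at least tells you which hosts were looked up. The rows are copied from the report and embedded as constructed input.

```python
"""Split a sandbox Network table into direct connections, reverse (PTR)
lookups and forward lookups. Rows below are copied from the report and
embedded as constructed input; nothing is resolved at runtime."""
import ipaddress
import re

NETWORK_ROWS = """\
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 121.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
"""

# Country, destination ip:port, optional domain, protocol
ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)
PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name):
    """'79.121.231.20.in-addr.arpa' -> '20.231.121.79'; None if not a v4 PTR name."""
    if not name or not name.endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    # in-addr.arpa lists the octets least-significant first; reverse them back
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def triage(text):
    """Return {'direct': [(ip, port, proto)], 'reverse_lookups': [ip], 'forward_lookups': [name]}."""
    direct, reverse_lookups, forward_lookups = [], [], []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # skip header or malformed rows
        d = m.groupdict()
        if d["domain"] is None:
            direct.append((d["ip"], int(d["port"]), d["proto"]))
            continue
        ip = ptr_to_ip(d["domain"])
        if ip is not None:
            reverse_lookups.append(ip)
        else:
            forward_lookups.append(d["domain"])
    return {
        "direct": direct,
        "reverse_lookups": reverse_lookups,
        "forward_lookups": forward_lookups,
    }


if __name__ == "__main__":
    result = triage(NETWORK_ROWS)
    print("direct connections:", result["direct"])
    print("reverse-resolved hosts:", result["reverse_lookups"])
    print("forward lookups:", result["forward_lookups"])
```

The direct list is the only thing here worth pivoting on; for a report with forward lookups, those names (not the resolver address) are the indicators to extract, and the reverse-resolved addresses are best checked against the guest's own baseline traffic before they go into a block list.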

Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian fucking masturbation ash shoes .avi.exe

MD5 a6eb3622a0a7ae3f281958920c768710
SHA1 b78e6980d843f7a2f4e506fbebfb4f1a725858ed
SHA256 82c28577ae11fa76775d787ae6832a88102d18198dce7308bb19967274a393fe
SHA512 d8f68b740b27994208da51ffb6d6271a20c18506434ea98f26bf490de4f5a4724e2f0d5d69e3614e802fe771dae24f175baa5d1278f92ab2d457ce1ee4d38322