Malware Analysis Report

2024-11-13 13:58

Sample ID: 240407-ypm2padd59
Target: 33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4
SHA256: 33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4
Tags: upx persistence spyware stealer
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4

Threat Level: Known bad

The file 33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4 was found to be: Known bad.

Malicious Activity Summary

Tags: upx persistence spyware stealer

UPX dump on OEP (original entry point)

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-07 19:57

Signatures

UPX dump on OEP (original entry point)

UPX packed file

Tags: upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-07 19:57
Reported: 2024-04-07 20:00
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

Signatures

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

Tags: spyware stealer

UPX packed file

Tags: upx

Adds Run key to start application

Tags: persistence

Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2816 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2816 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2816 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2816 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2816 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2816 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2816 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2816 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2676 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2676 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2676 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 2676 wrote to memory of 2488 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 252.242.141.188.in-addr.arpa udp
US 8.8.8.8:53 153.93.157.195.in-addr.arpa udp
US 8.8.8.8:53 172.74.255.87.in-addr.arpa udp
US 8.8.8.8:53 45.240.12.43.in-addr.arpa udp
US 8.8.8.8:53 104.239.30.35.in-addr.arpa udp
US 8.8.8.8:53 88.213.27.195.in-addr.arpa udp
US 8.8.8.8:53 54.40.104.35.in-addr.arpa udp
US 8.8.8.8:53 209.9.205.101.in-addr.arpa udp
US 8.8.8.8:53 161.196.111.95.in-addr.arpa udp
US 8.8.8.8:53 21.86.241.1.in-addr.arpa udp
US 8.8.8.8:53 226.183.248.167.in-addr.arpa udp
US 8.8.8.8:53 114.50.41.3.in-addr.arpa udp
US 8.8.8.8:53 40.169.193.144.in-addr.arpa udp
US 8.8.8.8:53 41.34.220.84.in-addr.arpa udp
US 8.8.8.8:53 174.174.130.165.in-addr.arpa udp
US 8.8.8.8:53 6.156.206.252.in-addr.arpa udp
US 8.8.8.8:53 111.45.191.37.in-addr.arpa udp
US 8.8.8.8:53 174.207.159.172.in-addr.arpa udp
US 8.8.8.8:53 36.242.149.7.in-addr.arpa udp
US 8.8.8.8:53 94.115.202.148.in-addr.arpa udp
US 8.8.8.8:53 98.177.210.101.in-addr.arpa udp
US 8.8.8.8:53 18.13.129.162.in-addr.arpa udp

Files

memory/2816-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\fucking [bangbus] hole .avi.exe

MD5 e365511adbd4b7eed7ee96e00546a5da
SHA1 e8e247a8eef17b666373b5b27292f0a5e07dac89
SHA256 377d60a44df50106c11148ed62cf592d44f8026ad6096401a852f2f7dfc1a541
SHA512 d4f7c27fc55f94a9e215af22cbfd8c207c37b963b2ea9bdf24d20ba660ee8c0459d61e86b62f331245414712ba0bbfc8c7fb9b3a4bc31139a613a6120944322b

memory/2816-16-0x0000000004DC0000-0x0000000004DDE000-memory.dmp

memory/2676-17-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2816-60-0x0000000005700000-0x000000000571E000-memory.dmp

memory/2676-61-0x0000000004460000-0x000000000447E000-memory.dmp

memory/2512-62-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2488-63-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2816-96-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2816-99-0x0000000004DC0000-0x0000000004DDE000-memory.dmp

memory/2676-100-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2816-101-0x0000000005700000-0x000000000571E000-memory.dmp

memory/2676-102-0x0000000004460000-0x000000000447E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:57

Reported

2024-04-07 20:00

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\beast hardcore catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\cumshot [free] ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\lesbian lesbian [milf] hairy (Sarah,Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\beast handjob voyeur (Ashley).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\System32\DriverStore\Temp\fucking big mistress (Ashley,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\fetish licking vagina traffic (Jenna,Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\trambling cumshot sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish porn fetish catfight sm .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black xxx masturbation sm (Tatjana,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\cumshot beast hot (!) glans Ôï .rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\african fucking several models titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Shared Gadgets\beastiality lesbian nipples granny .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\german xxx beastiality [milf] boots .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\horse public fishy (Sarah,Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\dotnet\shared\norwegian fetish lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\brasilian sperm gay girls .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\black action cumshot full movie legs fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\xxx cumshot several models beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish xxx public wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian lesbian fucking masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\french xxx catfight glans .rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files (x86)\Google\Temp\fucking xxx big sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\brasilian blowjob cumshot licking upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\british fucking big swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian nude full movie mature .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\lesbian lesbian licking (Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian beast blowjob hot (!) (Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian lingerie hardcore uncut black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\gang bang horse [free] titts ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Downloaded Program Files\norwegian animal gay sleeping penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\beast porn several models glans stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\xxx animal lesbian wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\canadian sperm hot (!) ejaculation (Sarah,Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\american horse masturbation hole black hairunshaved (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\canadian trambling [milf] (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\british blowjob kicking masturbation traffic (Janette,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\swedish porn horse [bangbus] blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cum xxx public sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\african kicking uncut titts (Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\brasilian gang bang [free] ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\french kicking [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\french beastiality beast catfight ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\chinese xxx lesbian boobs young (Jenna,Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\indian hardcore masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\gang bang hidden circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore masturbation mistress (Karin,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\porn [free] hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\asian lesbian animal [bangbus] high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\xxx voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish xxx cum catfight cock upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\indian kicking kicking girls (Janette,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\african cum hardcore several models (Curtney,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\brasilian handjob uncut circumcision (Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\beast uncut ash .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\action lesbian (Gina,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\danish porn [bangbus] .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\canadian beast fetish lesbian boobs (Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\japanese fetish licking young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\fetish horse [free] traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\beast uncut leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\brasilian kicking girls (Sylvia,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\nude horse lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\bukkake lesbian [free] hairy (Anniston,Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\black bukkake catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\asian horse licking (Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\kicking big (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\german blowjob nude full movie black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\norwegian fucking kicking [bangbus] (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\indian blowjob hidden glans pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\horse action masturbation wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\brasilian fucking nude uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\japanese sperm [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\action xxx big .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\nude big .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\spanish animal masturbation feet circumcision (Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\brasilian handjob sleeping high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\kicking xxx masturbation cock upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\lingerie hardcore several models redhair (Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\spanish trambling masturbation cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\black cum sleeping feet (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\malaysia trambling animal [bangbus] ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\norwegian gang bang lingerie big ash .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\porn catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\american blowjob lesbian penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\sperm fetish girls hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\action nude lesbian hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\gang bang animal licking stockings (Samantha,Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\spanish sperm gang bang public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\cum [free] (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\hardcore hardcore hidden ejaculation (Sonja,Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\spanish porn gay uncut sm (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\chinese hardcore cum hidden blondie (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\swedish action beast [bangbus] mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
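The "File created" rows above all follow one pattern: the sample writes executables into shared and system locations (WinSxS component folders, the SoftwareDistribution download cache, LocalService profile folders) under lure names that put a media or archive extension in front of the real .exe. The following Python triage helper is an added example, not part of the sandbox report; it parses seven of the rows above (copied verbatim) plus one constructed benign control row that is not from the report, flags the double-extension lure pattern, and summarises where the drops land. The row layout ("File created <target> <creating process> <extra>") and the list of lure extensions are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample input: seven rows copied verbatim from the report's
# "File created" table, plus one benign control row (the last) that is NOT
# from the report and exists only to show a non-match.
SAMPLE_ROWS = [
    r"File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\fetish horse [free] traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A",
    r"File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\kicking big (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A",
    r"File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\action xxx big .mpg.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A",
    r"File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\nude big .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A",
    r"File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\brasilian handjob sleeping high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A",
    r"File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\porn catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A",
    r"File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\cum [free] (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A",
    # constructed control row, not from the report: a plain log file, no lure pattern
    r"File created C:\Windows\Temp\setup.log C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A",
]

# Assumed row layout: the target path may contain spaces, the creating
# process path does not, so the target is matched lazily up to the last
# "<drive>:\<no-space path> <extra>" pair on the line.
ROW_RE = re.compile(r"^File created (?P<target>.+?) (?P<proc>[A-Za-z]:\\\S+) (?P<extra>\S+)$")

# Assumed lure set: media/archive extension immediately followed by .exe.
LURE_EXT_RE = re.compile(r"\.(mpe?g|avi|wmv|mp4|zip|rar|7z|jpe?g|png|pdf|docx?)\s*\.exe$", re.I)


def parse_row(row):
    """Parse one 'File created' row; return None for lines that do not fit."""
    m = ROW_RE.match(row)
    if not m:
        return None
    target = m.group("target")
    name = target.rsplit("\\", 1)[-1]          # final path component
    parts = target.split("\\")
    lure = LURE_EXT_RE.search(name)
    return {
        "path": target,
        "name": name,
        "area": "\\".join(parts[:3]),           # e.g. C:\Windows\WinSxS
        "proc": m.group("proc"),
        "inner_ext": lure.group(1).lower() if lure else None,
        "double_ext_lure": bool(lure),
    }


def triage(rows):
    """Flag double-extension lure drops and summarise where they land."""
    parsed = [p for p in (parse_row(r) for r in rows) if p]
    flagged = [p for p in parsed if p["double_ext_lure"]]
    return {
        "total": len(parsed),
        "flagged": flagged,
        "by_area": Counter(p["area"] for p in flagged),
        "by_inner_ext": Counter(p["inner_ext"] for p in flagged),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print(f"{len(result['flagged'])}/{result['total']} rows match the lure pattern")
    for area, n in result["by_area"].most_common():
        print(f"  {n:2d} dropped under {area}")
    for ext, n in result["by_inner_ext"].most_common():
        print(f"  {n:2d} with inner extension .{ext}")
```

Run against the full table on this page the same helper gives a per-directory count of the worm-style drops; the "area" key is what you would pivot on when hunting for the same behaviour in EDR file-creation telemetry, because a user-mode process writing double-extension executables into WinSxS or the SoftwareDistribution cache has no legitimate reason to do so.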

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3480 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 3480 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 3480 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 3480 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 3480 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 3480 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 4376 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 4376 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
PID 4376 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe

"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 78.45.87.18.in-addr.arpa udp
US 8.8.8.8:53 145.42.139.90.in-addr.arpa udp
US 8.8.8.8:53 235.183.150.191.in-addr.arpa udp
US 8.8.8.8:53 150.219.31.83.in-addr.arpa udp
US 8.8.8.8:53 130.151.23.246.in-addr.arpa udp
US 8.8.8.8:53 166.37.22.220.in-addr.arpa udp
US 8.8.8.8:53 158.239.163.58.in-addr.arpa udp
US 8.8.8.8:53 53.151.240.192.in-addr.arpa udp
US 8.8.8.8:53 57.32.7.241.in-addr.arpa udp
US 8.8.8.8:53 42.57.7.98.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 72.150.216.236.in-addr.arpa udp
US 8.8.8.8:53 36.184.187.213.in-addr.arpa udp
US 8.8.8.8:53 99.235.195.250.in-addr.arpa udp
US 8.8.8.8:53 186.200.34.156.in-addr.arpa udp
US 8.8.8.8:53 112.231.174.88.in-addr.arpa udp
US 8.8.8.8:53 184.8.25.157.in-addr.arpa udp
US 8.8.8.8:53 21.84.5.243.in-addr.arpa udp
US 8.8.8.8:53 50.206.36.148.in-addr.arpa udp
US 8.8.8.8:53 246.4.57.53.in-addr.arpa udp
US 8.8.8.8:53 120.134.38.91.in-addr.arpa udp
US 8.8.8.8:53 125.42.189.64.in-addr.arpa udp
US 8.8.8.8:53 211.93.232.8.in-addr.arpa udp
US 8.8.8.8:53 105.126.123.59.in-addr.arpa udp
US 8.8.8.8:53 45.25.35.55.in-addr.arpa udp
US 8.8.8.8:53 48.69.210.75.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 212.24.247.30.in-addr.arpa udp
US 8.8.8.8:53 47.127.173.127.in-addr.arpa udp
US 8.8.8.8:53 21.249.12.186.in-addr.arpa udp
US 8.8.8.8:53 248.100.152.154.in-addr.arpa udp
US 8.8.8.8:53 102.190.189.173.in-addr.arpa udp
US 8.8.8.8:53 243.21.22.223.in-addr.arpa udp
US 8.8.8.8:53 102.195.185.206.in-addr.arpa udp
US 8.8.8.8:53 1.240.195.27.in-addr.arpa udp
US 8.8.8.8:53 121.175.79.38.in-addr.arpa udp
US 8.8.8.8:53 62.89.84.45.in-addr.arpa udp
US 8.8.8.8:53 10.102.249.72.in-addr.arpa udp
US 8.8.8.8:53 69.89.94.137.in-addr.arpa udp
US 8.8.8.8:53 193.66.149.102.in-addr.arpa udp
US 8.8.8.8:53 84.153.56.57.in-addr.arpa udp
US 8.8.8.8:53 106.64.57.129.in-addr.arpa udp
US 8.8.8.8:53 120.42.135.74.in-addr.arpa udp
US 8.8.8.8:53 92.92.84.211.in-addr.arpa udp
US 8.8.8.8:53 182.124.171.37.in-addr.arpa udp
US 8.8.8.8:53 249.206.98.20.in-addr.arpa udp
US 8.8.8.8:53 155.79.63.141.in-addr.arpa udp
US 8.8.8.8:53 115.159.5.47.in-addr.arpa udp
US 8.8.8.8:53 231.243.70.148.in-addr.arpa udp
US 8.8.8.8:53 77.225.181.55.in-addr.arpa udp
US 8.8.8.8:53 219.56.183.1.in-addr.arpa udp
US 8.8.8.8:53 133.96.241.125.in-addr.arpa udp
US 8.8.8.8:53 79.143.255.150.in-addr.arpa udp
US 8.8.8.8:53 166.255.224.133.in-addr.arpa udp
US 8.8.8.8:53 59.116.91.146.in-addr.arpa udp
US 8.8.8.8:53 78.46.162.28.in-addr.arpa udp
US 8.8.8.8:53 234.173.42.148.in-addr.arpa udp
US 8.8.8.8:53 161.213.173.56.in-addr.arpa udp
US 8.8.8.8:53 163.109.82.98.in-addr.arpa udp
US 8.8.8.8:53 84.113.246.240.in-addr.arpa udp
US 8.8.8.8:53 73.171.56.227.in-addr.arpa udp
US 8.8.8.8:53 139.186.133.212.in-addr.arpa udp
US 8.8.8.8:53 9.20.246.67.in-addr.arpa udp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 150.239.183.245.in-addr.arpa udp
US 8.8.8.8:53 59.175.8.227.in-addr.arpa udp

Files

memory/3480-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian lesbian fucking masturbation .mpg.exe

MD5 a8ab3a9270f56c5d28502be8b3c31332
SHA1 97fcfa3d209a93a4e9091522c4b7ebfcc29c77d7
SHA256 6bfc2428501711875acbd887b986d3ce22d9c6eaf89228f947408b26a4920f23
SHA512 42255e76a39e42e5c9c54e9cf7031f8cbba543eb44a4728ddd0430ae7bc3d45bcbc589227eddde06d3dc36f5d8d788d2bcc02099d7f600a4e0a7f4625ac7e5c1

memory/4376-57-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2984-157-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3156-158-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3480-188-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4376-193-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2984-194-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3156-195-0x0000000000400000-0x000000000041E000-memory.dmp

C:\debug.txt

MD5 6ae2bef8f6aa6ba58dc44aaa60df5a0f
SHA1 2719a5ac786fa0e27580ce7e192cdfc9ed10102a
SHA256 9a4127086ea21f9498466058686dd8795fcc647f6af330dae28d892467e69158
SHA512 5521c5baffe2887fe65b18974f2e22673be4452e3e9f00a295a967ff208cb785ef99a7ebf87ac4475ddfa002fa75db5e2090b973f43c528e61644f6a20c6dcf1
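The "Suspicious use of WriteProcessMemory" table and the memory dump entries in the Files section describe the same four processes from two angles: the table records which PID wrote into which (3480 into 4376 and 2984, then 4376 into 3156), and the dumps record that every one of those PIDs had the same 0x400000-0x41E000 image region captured. The following Python helper is an added example, not part of the sandbox report; it parses both lists (copied verbatim from the report above), rebuilds the writer-to-target chains, and checks that each PID in a chain has a dump and that all dumps share one image size. The row and dump-name formats are assumptions for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample input, copied from the report's
# "Suspicious use of WriteProcessMemory" table. Repeated rows are kept on
# purpose: the sandbox logs every write separately, so they are a count.
WPM_ROWS = [
    "PID 3480 wrote to memory of 4376",
    "PID 3480 wrote to memory of 4376",
    "PID 3480 wrote to memory of 4376",
    "PID 3480 wrote to memory of 2984",
    "PID 3480 wrote to memory of 2984",
    "PID 3480 wrote to memory of 2984",
    "PID 4376 wrote to memory of 3156",
    "PID 4376 wrote to memory of 3156",
    "PID 4376 wrote to memory of 3156",
]

# Memory dump names copied from the report's "Files" section.
DUMP_NAMES = [
    "memory/3480-0-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/4376-57-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2984-157-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/3156-158-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/3480-188-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/4376-193-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2984-194-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/3156-195-0x0000000000400000-0x000000000041E000-memory.dmp",
]

# Assumed formats: "PID <writer> wrote to memory of <target>" and
# "memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp".
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def build_write_graph(rows):
    """writer pid -> {target pid: number of logged writes}."""
    g = defaultdict(lambda: defaultdict(int))
    for r in rows:
        m = WPM_RE.search(r)
        if m:
            g[int(m.group(1))][int(m.group(2))] += 1
    return g


def roots(g):
    """Writers that were never themselves written into (chain origins)."""
    targets = {t for ts in g.values() for t in ts}
    return sorted(w for w in g if w not in targets)


def chains(g):
    """Every root-to-leaf writer -> target path, depth-first, children in PID order."""
    out = []

    def walk(pid, path, seen):
        kids = g.get(pid, {})
        if not kids:
            out.append(path)
            return
        for k in sorted(kids):
            if k in seen:                 # guard against cycles in noisy telemetry
                out.append(path + [k])
                continue
            walk(k, path + [k], seen | {k})

    for r in roots(g):
        walk(r, [r], {r})
    return out


def parse_dumps(names):
    """pid -> list of (sequence, start, end) for each captured region."""
    d = defaultdict(list)
    for n in names:
        m = DUMP_RE.match(n)
        if m:
            d[int(m.group(1))].append((int(m.group(2)), int(m.group(3), 16), int(m.group(4), 16)))
    return d


def correlate(rows, names):
    """Join the write graph with the dumps: chains, coverage gaps, image sizes."""
    g = build_write_graph(rows)
    dumps = parse_dumps(names)
    pids = set(g) | {t for ts in g.values() for t in ts}
    sizes = {end - start for regions in dumps.values() for _, start, end in regions}
    return {
        "chains": chains(g),
        "pids_in_chain": sorted(pids),
        "undumped": sorted(pids - set(dumps)),   # chain members with no dump to analyse
        "dump_sizes": sorted(sizes),             # one value means one image shape
        "writes": {w: dict(ts) for w, ts in g.items()},
    }


if __name__ == "__main__":
    res = correlate(WPM_ROWS, DUMP_NAMES)
    for c in res["chains"]:
        print(" -> ".join(map(str, c)))
    print("undumped:", res["undumped"], "dump sizes:", [hex(s) for s in res["dump_sizes"]])
```

On this report the helper yields two chains, 3480 -> 2984 and 3480 -> 4376 -> 3156, no chain member without a dump, and a single dump size of 0x1E000 bytes; the uniform size is what you would expect if every process is a fresh copy of the same unpacked image, and an empty "undumped" list tells you the Files section already holds a dump for each process you might want to pull into a disassembler.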