Malware Analysis Report

2024-11-30 04:13

Sample ID 240408-bdm6zsbh81
Target bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91
SHA256 bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91

Threat Level: Known bad

The file bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 01:01

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
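The two static signatures above are drawn from the PE section table. As an added example (not part of this sandbox report, and not the sandbox's own detection logic), the Python script below parses a section table with only the standard library and reports the three traces UPX leaves behind: UPX0/UPX1 section names, a first section with zero raw size that is reserved for the unpacked image, and an entry point that sits outside the first section (in the decompression stub). The PE bytes it checks are constructed inline to mirror that layout and are not this sample's headers. Section names alone are weak evidence, since a repacker renames them in seconds; the other two checks survive renaming. On the real file, confirm with `upx -d`, which typically fails on images that were modified after packing.

```python
"""Static UPX indicators from a PE section table (added example, stdlib only).
The sample header below is constructed for this example; it is not the
report's sample."""
import struct


def pe_sections(data):
    """Return (AddressOfEntryPoint, [section dicts]) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]          # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    opt_off = e_lfanew + 24
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]         # AddressOfEntryPoint
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return entry, sections


def upx_indicators(data):
    """List the UPX-style properties present; an empty list means none found."""
    entry, secs = pe_sections(data)
    hits = []
    if any(s["name"].startswith("UPX") for s in secs):
        hits.append("UPX0/UPX1 section names (weak: trivially renamed)")
    # UPX reserves the first section for the unpacked image: large virtual
    # size, nothing on disk.
    if secs and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0:
        hits.append("first section has zero raw size but non-zero virtual size")
    ep_sec = next((s for s in secs
                   if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    if ep_sec is not None and ep_sec is not secs[0]:
        hits.append("entry point in %s, not the first section" % ep_sec["name"])
    return hits


def build_sample_pe():
    """Constructed minimal PE header (no code) laid out the way UPX lays out a
    32-bit image: UPX0 (empty on disk), UPX1 (stub + packed data), .rsrc."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                            # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x9000)                          # entry point inside UPX1

    def sec(name, vsize, vaddr, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)

    sections = (sec(b"UPX0", 0x7000, 0x1000, 0, 0x400, 0xE0000080)
                + sec(b"UPX1", 0x3000, 0x8000, 0x2800, 0x400, 0xE0000040)
                + sec(b".rsrc", 0x1000, 0xB000, 0x200, 0x2C00, 0xC0000040))
    return bytes(dos) + coff + bytes(opt) + sections


if __name__ == "__main__":
    for hit in upx_indicators(build_sample_pe()):
        print("UPX indicator:", hit)
```

Run it against a file with `upx_indicators(open(path, "rb").read())`; a result of only the first hit on a real sample is a hint that someone renamed sections to look packed, while the second and third hits without the first suggest a renamed UPX build.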

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 01:01

Reported

2024-04-08 01:04

Platform

win7-20240221-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\indian gang bang hardcore masturbation feet hotel (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\canadian fucking public cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\indian handjob beast licking hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx public mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\fucking [free] mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese nude sperm voyeur feet .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\IME\shared\tyrkish beastiality lingerie catfight 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gay catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\danish animal sperm catfight ash .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\IME\shared\horse full movie (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Temp\american action beast [free] girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian nude horse masturbation (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lingerie several models feet ejaculation (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\blowjob catfight (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese gang bang beast several models hole castration (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\sperm full movie (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Windows Journal\Templates\danish nude xxx catfight (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\danish kicking fucking several models titts swallow (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\bukkake [bangbus] titts gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\DVD Maker\Shared\bukkake girls granny .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish porn bukkake licking sm .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian fetish trambling big feet .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\bukkake uncut latex .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\japanese nude trambling hot (!) penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\hardcore [milf] feet .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\lingerie [free] shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\malaysia bukkake lesbian glans .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\temp\black kicking trambling masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\horse several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\malaysia bukkake lesbian bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\sperm catfight cock .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\hardcore uncut circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\nude bukkake girls (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\indian handjob hardcore girls ejaculation (Christine,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\xxx [free] 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\Temp\beast full movie penetration (Sonja,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\danish beastiality hardcore big titts penetration (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese beastiality blowjob hot (!) circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\italian horse gay voyeur feet .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\lesbian girls (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\swedish cumshot bukkake [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\horse several models hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\nude fucking full movie 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\kicking blowjob [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake full movie titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\indian kicking blowjob full movie hole .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\fetish fucking lesbian feet circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\spanish xxx hot (!) (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\InstallTemp\chinese beast voyeur mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\nude hardcore catfight balls .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\xxx girls feet fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\asian hardcore big (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\malaysia blowjob voyeur feet bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\african lingerie uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\asian beast [free] (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\american action bukkake big cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish kicking fucking hidden hole (Sonja,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\trambling catfight feet .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\animal sperm voyeur beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\hardcore hidden hole .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\british sperm [free] feet 50+ (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\fetish trambling sleeping hole hotel (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\fucking [free] leather .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\porn hardcore full movie black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\american fetish gay voyeur cock black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\british sperm catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\asian trambling hot (!) fishy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\horse full movie black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\danish gang bang lingerie [free] hole ash .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american action gay hidden shower .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\brasilian beastiality trambling catfight cock high heels (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\cum beast hot (!) feet lady .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SoftwareDistribution\Download\lingerie uncut hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\lesbian uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\bukkake girls feet girly (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\malaysia lingerie several models hotel (Sonja,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\beastiality hardcore several models cock femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\black cum lesbian [bangbus] (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\american nude gay [bangbus] glans .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\PLA\Templates\swedish kicking sperm hot (!) hole femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\tyrkish handjob horse voyeur titts .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\african trambling hidden glans redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\norwegian hardcore lesbian (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\asian xxx [free] cock .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese kicking sperm [free] traffic (Sonja,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\british xxx public titts .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\italian cum lingerie uncut feet upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\cum beast [milf] mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
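The persistence, drive-enumeration and file-drop tables above are the behaviours a responder needs to confirm elsewhere: the Run value `mssrv32` pointing at `C:\Windows\mssrv.exe`, a probe of almost every drive letter, and dozens of executables with a media or archive name ending in `.exe` dropped into shared, template, download and temp folders where a user or another process might run them. As an added example (not part of the sandbox report), the Python script below reads rows in the same Description/Indicator/Process/Target shape and derives those three findings. The Run-key row is the report's own indicator; the file and drive rows, and the short process path, are constructed stand-ins that follow the report's pattern.

```python
"""Triage of sandbox behaviour rows: Run-key persistence, drive-letter sweeps and
double-extension lure executables. Added example, not part of the sandbox report;
the row layout mirrors the report's 'Description Indicator Process Target' tables."""
import re
from collections import Counter

# Extensions a victim expects a media player or archiver to open. An executable
# whose name ends in one of these right before ".exe" is a lure file.
LURE_INNER_EXT = {".avi", ".mpg", ".mpeg", ".zip", ".rar", ".wmv", ".mp4", ".jpg", ".pdf"}

# Stand-in for the report's long hash-named process path (constructed).
PROC = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"

# The Run-key row is the report's own indicator; the file and drive rows are
# constructed to follow the same shape (file names chosen for this example).
ROWS = [
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" ' + PROC + " N/A",
    r"File created C:\Windows\SysWOW64\FxsTmp\holiday video (Jade).avi.exe " + PROC + " N/A",
    r"File created C:\Program Files\Windows Journal\Templates\family photos (Sarah).zip.exe " + PROC + " N/A",
    r"File created C:\Windows\winsxs\Temp\concert full movie .mpeg.exe " + PROC + " N/A",
    r"File created C:\Windows\Temp\setup.exe " + PROC + " N/A",  # plain .exe: not a lure
] + ["File opened (read-only) \\??\\" + d + ": " + PROC + " N/A" for d in "ABEGHIJKLMNOPQRSTUVWXYZ"]

RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run\\(?P<name>\S+) = "(?P<cmd>[^"]*)"$')
DRIVE_PREFIX = "File opened (read-only) \\??\\"


def classify(row):
    """Turn one report row into a typed record. Process and target never contain
    spaces in these tables, so splitting from the right is safe even though the
    indicator (a path or registry value) usually does."""
    body, proc, _target = row.rsplit(" ", 2)
    if body.startswith("Set value (str) "):
        m = RUN_KEY_RE.search(body)
        if m:
            cmd = m.group("cmd").replace("\\\\", "\\")   # report prints escaped backslashes
            return {"kind": "run_key", "name": m.group("name"), "cmd": cmd, "proc": proc}
    if body.startswith("File created "):
        path = body[len("File created "):]
        name = path.rsplit("\\", 1)[-1].lower()
        inner = None
        if name.endswith(".exe"):
            stem = name[:-4]
            if "." in stem:
                inner = "." + stem.rsplit(".", 1)[-1]    # the extension the victim sees
        return {"kind": "file_created", "path": path, "inner_ext": inner,
                "lure": inner in LURE_INNER_EXT, "proc": proc}
    if body.startswith(DRIVE_PREFIX):
        return {"kind": "drive_open", "drive": body[len(DRIVE_PREFIX):].rstrip(":"), "proc": proc}
    return {"kind": "other", "proc": proc}


def triage(rows, sweep_threshold=8):
    """Aggregate rows into the three findings a responder wants to confirm."""
    fd = {"run_keys": [], "lure_drops": [], "drives": set(), "inner_ext": Counter()}
    for row in rows:
        c = classify(row)
        if c["kind"] == "run_key":
            fd["run_keys"].append(c)
        elif c["kind"] == "file_created" and c["lure"]:
            fd["lure_drops"].append(c["path"])
            fd["inner_ext"][c["inner_ext"]] += 1
        elif c["kind"] == "drive_open":
            fd["drives"].add(c["drive"])
    fd["drive_sweep"] = len(fd["drives"]) >= sweep_threshold
    # A binary registered under Run that lives directly in C:\Windows (two
    # backslashes: drive and one folder) is unusual for legitimate software.
    fd["windir_autorun"] = [r for r in fd["run_keys"]
                            if r["cmd"].lower().startswith("c:\\windows\\") and r["cmd"].count("\\") == 2]
    return fd


def verdict(fd):
    """Human-readable findings; one line per confirmed behaviour."""
    notes = []
    for r in fd["windir_autorun"]:
        notes.append("persistence: Run value %s -> %s (binary placed directly in %%WINDIR%%)" % (r["name"], r["cmd"]))
    if fd["drive_sweep"]:
        notes.append("drive sweep: %d drive letters probed" % len(fd["drives"]))
    if fd["lure_drops"]:
        notes.append("lure executables: %d double-extension .exe drops %s"
                     % (len(fd["lure_drops"]), dict(fd["inner_ext"])))
    return notes


if __name__ == "__main__":
    for line in verdict(triage(ROWS)):
        print(line)
```

The same classification applies to a live host: compare `HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run` values against the `windir_autorun` rule, and sweep the template, download and temp directories listed in the tables above for `*.avi.exe`, `*.mpg.exe`, `*.zip.exe` and `*.rar.exe` names before deleting them, since each copy is a fresh launch point.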

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2208 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2208 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2208 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2208 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2508 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2508 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2508 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2508 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 82.113.49.128.in-addr.arpa udp
US 8.8.8.8:53 26.25.45.247.in-addr.arpa udp
US 8.8.8.8:53 227.134.186.226.in-addr.arpa udp
US 8.8.8.8:53 155.54.220.100.in-addr.arpa udp
US 8.8.8.8:53 1.157.82.157.in-addr.arpa udp
US 8.8.8.8:53 111.57.181.104.in-addr.arpa udp
US 8.8.8.8:53 171.47.59.108.in-addr.arpa udp
US 8.8.8.8:53 207.50.246.232.in-addr.arpa udp
US 8.8.8.8:53 227.35.137.208.in-addr.arpa udp
US 8.8.8.8:53 147.11.84.61.in-addr.arpa udp
US 8.8.8.8:53 68.171.63.115.in-addr.arpa udp
US 8.8.8.8:53 59.224.232.189.in-addr.arpa udp
US 8.8.8.8:53 153.19.188.65.in-addr.arpa udp
US 8.8.8.8:53 167.250.201.50.in-addr.arpa udp
US 8.8.8.8:53 110.91.20.13.in-addr.arpa udp
US 8.8.8.8:53 199.37.227.146.in-addr.arpa udp
US 8.8.8.8:53 65.218.106.205.in-addr.arpa udp
US 8.8.8.8:53 210.118.11.11.in-addr.arpa udp
US 8.8.8.8:53 84.122.165.79.in-addr.arpa udp
US 8.8.8.8:53 143.71.192.41.in-addr.arpa udp
US 8.8.8.8:53 189.211.220.54.in-addr.arpa udp
US 8.8.8.8:53 74.148.39.47.in-addr.arpa udp

Files

memory/2208-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\danish kicking fucking several models titts swallow (Karin).mpeg.exe

MD5 a03f9a0e0dfdfeebd66a6baa213339d6
SHA1 c9157aa94a3a7a812896e85fead2d0414ddefa0b
SHA256 461ce891dbb6a9462612d342d9f58ecd8957ecce724e1c2cbff3ec6e2dfc8a39
SHA512 f3bbd53cd2352c85359d107af54cab89e302f3bc3a23a48e434b976896167fe4afd400748ff81de4929f7425f5024724962b90e7a3302e40534501efe79ab1af

memory/2508-11-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2508-52-0x0000000004A40000-0x0000000004A5E000-memory.dmp

memory/2400-53-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-91-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2208-93-0x0000000004930000-0x000000000494E000-memory.dmp

memory/2508-96-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2508-98-0x0000000004A40000-0x0000000004A5E000-memory.dmp

memory/2400-99-0x0000000000400000-0x000000000041E000-memory.dmp

C:\debug.txt

MD5 e93afa9244194756059efb7d6c5ed678
SHA1 4376d05f7f1615ff5a0aa8c9afdef0f1a51e61a3
SHA256 cc5a168b47c2a45bfa5b6504dcb271002bcf673e38b3ddc030d39d1f6f5dbece
SHA512 2ed701cffd9fe6f6df344b8d9e3804a4c7ccbfe6fff6a59516a711472ae2c332a143a6cf51bde0fa166ebc79d3c96a22ef1c0d26e2006c38801da8f7392f2d26

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 01:01

Reported

2024-04-08 01:04

Platform

win10v2004-20240319-en

Max time kernel

150s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\blowjob girls (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\System32\DriverStore\Temp\american nude hardcore lesbian stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\beast girls (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\american beastiality xxx lesbian pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm lesbian lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish porn horse licking .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\xxx uncut 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\gay [free] (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fucking hidden glans femdom (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black beastiality hardcore full movie balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian animal xxx uncut feet sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\indian nude horse hidden bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\gay lesbian (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\italian porn gay masturbation hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish horse lingerie [milf] wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\japanese beastiality horse uncut titts YEâPSè& (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Google\Temp\beastiality fucking big (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\dotnet\shared\trambling girls glans mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\indian nude trambling catfight upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\gay big cock .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian beastiality lesbian [bangbus] titts girly .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse [bangbus] titts .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse big titts hotel (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\horse girls shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\tyrkish animal lingerie catfight femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian action beast full movie titts .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese fetish xxx several models balls .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german bukkake several models .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\horse licking titts bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish nude lingerie girls titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\brasilian beastiality gay [milf] girly (Kathrin,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\temp\black action beast voyeur traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\gang bang lesbian [free] (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\british xxx masturbation shower (Sonja,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\black gang bang bukkake several models blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\norwegian lesbian [milf] (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\malaysia lesbian girls hole high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\chinese beast lesbian hole (Sandy,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\danish horse gay uncut Ôï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\german xxx [bangbus] feet (Christine,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\canadian lingerie hot (!) YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\gay lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\asian fucking catfight girly .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\hardcore catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\danish gang bang xxx hidden traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\danish kicking xxx voyeur feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\cum xxx several models ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\action xxx public ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\italian gang bang gay lesbian hole swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\trambling girls feet hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\danish handjob bukkake voyeur hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\black fetish sperm [bangbus] cock .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\tmp\italian action sperm lesbian hole black hairunshaved (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\CbsTemp\horse licking black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\chinese hardcore [bangbus] feet sm (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\british xxx girls feet 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\spanish horse [bangbus] femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\swedish gang bang xxx [milf] circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\InputMethod\SHARED\lesbian big cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\italian fetish beast [free] cock YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american horse trambling sleeping girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\handjob blowjob [bangbus] hole Ôï (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking trambling voyeur cock (Anniston,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\swedish gang bang lingerie hidden cock YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\american animal trambling hidden hole leather .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\indian horse beast licking hole beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\spanish bukkake lesbian cock ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\blowjob full movie boots (Ashley,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\asian trambling masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\black fetish lingerie [bangbus] feet .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\british blowjob full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\indian beastiality hardcore several models blondie (Britney,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish handjob lingerie girls beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\african sperm hot (!) cock lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\malaysia lingerie uncut hole .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\german horse catfight titts girly (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\trambling lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\sperm hidden 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\gang bang lingerie girls (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\norwegian lingerie sleeping (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\chinese fucking sleeping titts traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\russian fetish gay hidden hole sweet (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\japanese fetish gay full movie gorgeoushorny (Anniston,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay catfight hole sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\gang bang horse masturbation sm .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\italian horse lesbian [bangbus] mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\nude xxx hidden glans traffic (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\british hardcore uncut cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\handjob lesbian full movie cock upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\chinese trambling masturbation cock mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian horse lingerie girls upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\beastiality lesbian catfight titts granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\fetish lingerie catfight circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\asian blowjob [milf] balls .zip.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\porn sperm uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2748 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2748 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2748 wrote to memory of 3776 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2748 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2748 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 2748 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 3776 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 3776 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
PID 3776 wrote to memory of 1856 N/A C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe

"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2292,i,2927097380497635931,2014459809064723663,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 142.250.179.138:443 tcp
GB 172.165.61.93:443 tcp
IE 94.245.104.56:443 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
GB 51.140.244.186:443 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 153.190.182.194.in-addr.arpa udp
US 8.8.8.8:53 178.231.107.143.in-addr.arpa udp
US 8.8.8.8:53 74.229.106.147.in-addr.arpa udp
US 8.8.8.8:53 239.245.56.19.in-addr.arpa udp
US 8.8.8.8:53 162.113.151.125.in-addr.arpa udp
US 8.8.8.8:53 246.91.6.3.in-addr.arpa udp
US 8.8.8.8:53 236.42.206.173.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 193.7.233.58.in-addr.arpa udp
US 8.8.8.8:53 92.153.172.152.in-addr.arpa udp
US 8.8.8.8:53 63.234.34.236.in-addr.arpa udp
US 8.8.8.8:53 106.43.168.166.in-addr.arpa udp
US 8.8.8.8:53 62.32.65.178.in-addr.arpa udp
US 8.8.8.8:53 166.111.181.25.in-addr.arpa udp
US 8.8.8.8:53 194.167.146.11.in-addr.arpa udp
US 8.8.8.8:53 180.156.82.95.in-addr.arpa udp
US 8.8.8.8:53 63.167.7.155.in-addr.arpa udp
US 8.8.8.8:53 210.132.107.25.in-addr.arpa udp
US 8.8.8.8:53 103.251.132.130.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 211.247.166.255.in-addr.arpa udp
US 8.8.8.8:53 227.90.188.181.in-addr.arpa udp
US 8.8.8.8:53 146.69.245.93.in-addr.arpa udp
US 8.8.8.8:53 64.37.30.198.in-addr.arpa udp
US 8.8.8.8:53 172.114.18.96.in-addr.arpa udp
US 8.8.8.8:53 39.123.249.59.in-addr.arpa udp
US 8.8.8.8:53 196.95.185.234.in-addr.arpa udp
US 8.8.8.8:53 134.183.184.30.in-addr.arpa udp
US 8.8.8.8:53 164.25.222.176.in-addr.arpa udp
US 8.8.8.8:53 249.23.19.74.in-addr.arpa udp
US 8.8.8.8:53 190.224.240.71.in-addr.arpa udp
US 8.8.8.8:53 101.127.112.179.in-addr.arpa udp
US 8.8.8.8:53 172.43.202.73.in-addr.arpa udp
US 8.8.8.8:53 140.18.22.27.in-addr.arpa udp
US 8.8.8.8:53 33.149.157.180.in-addr.arpa udp
US 8.8.8.8:53 41.103.100.91.in-addr.arpa udp
US 8.8.8.8:53 44.136.156.67.in-addr.arpa udp
US 8.8.8.8:53 213.68.208.52.in-addr.arpa udp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp

Files

memory/2748-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse big titts hotel (Sylvia).mpg.exe

MD5 2e6586ce83c317cdf5965cc6afc0fb65
SHA1 9668508f384f000caaba57dd00b32f9fcec50601
SHA256 ddabeac1cc682386167cd85f850f3058295f3b9a21e236b966efeca2baa03d56
SHA512 de8473c99c77ba9695135037bb38714ae7acf19de59d3f686a42c58cc3dfb5bf8e5fadf1d45a32dcfe8548c174b437df30711c8ffbedfb70ed9ce54616fba13e

memory/3776-11-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4996-46-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1856-47-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2748-188-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3776-192-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4996-193-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1856-194-0x0000000000400000-0x000000000041E000-memory.dmp