Malware Analysis Report

2025-06-16 07:28

Sample ID 240602-fgaghsbf3x
Target fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca
SHA256 fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca
Tags
persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca

Threat Level: Known bad

The file fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:50

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:50

Reported

2024-06-02 04:52

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1908 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe
PID 2580 wrote to memory of 1032 N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian cum full movie girly (Anniston).zip.exe

MD5 fd6166eb10cf86c01b53a2b9e1f723cb
SHA1 448404f9d522e51b771292feba8ab2bab969b0ab
SHA256 1361d84aa836e0575127b11f1251e6e01ffbce494e7b0650a68f570e8d18af38
SHA512 a2a8fbf854bb69f4960c03f32f4b7445a60d7769dfd6729832001e5c53930fd6d7098f5a16eff13e32b6460a86616e3e45fe15b59e2218f7b70a539b57adbab2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:50

Reported

2024-06-02 04:52

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A

Enumerates connected drives

Description Indicator Process Target

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\cumshot public gorgeoushorny (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\trambling masturbation ash .zip.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\bukkake gay hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\xxx [free] titts .avi.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\danish fucking licking pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\fetish beastiality public penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\lesbian kicking hidden nipples beautyfull (Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\spanish bukkake sleeping .mpg.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\fetish fetish [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\japanese kicking [milf] mature .avi.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1076 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe
PID 1076 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe
PID 1644 wrote to memory of 5076 N/A C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

Processes

C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe

"C:\Users\Admin\AppData\Local\Temp\fbecc28757252ea55de45961484942fb2b663371fd79fc406b0724b9ee5bbcca.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian cum full movie girly (Anniston).zip.exe

MD5 fd6166eb10cf86c01b53a2b9e1f723cb
SHA1 448404f9d522e51b771292feba8ab2bab969b0ab
SHA256 1361d84aa836e0575127b11f1251e6e01ffbce494e7b0650a68f570e8d18af38
SHA512 a2a8fbf854bb69f4960c03f32f4b7445a60d7769dfd6729832001e5c53930fd6d7098f5a16eff13e32b6460a86616e3e45fe15b59e2218f7b70a539b57adbab2