Malware Analysis Report

2025-08-06 00:44

Sample ID 240403-xkq24saa54
Target 155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a
SHA256 155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a

Threat Level: Known bad

The file 155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 18:55

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 18:55

Reported

2024-04-03 18:57

Platform

win7-20231129-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\gang bang fucking uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\IME\shared\lesbian [milf] shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\italian porn trambling [milf] girly .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\IME\shared\trambling uncut glans balls (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\beast several models glans .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx licking hole (Gina,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse big mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\american cum bukkake masturbation boots .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\System32\DriverStore\Temp\brasilian cumshot bukkake voyeur shower (Ashley,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\danish gang bang xxx full movie titts .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\xxx big redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Windows Journal\Templates\gay [bangbus] black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\horse [milf] glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\tyrkish porn lingerie [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Google\Temp\indian kicking sperm uncut high heels (Anniston,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\trambling voyeur fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian handjob horse [milf] cock 50+ (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\hardcore several models (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\japanese fetish lingerie licking circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian gang bang fucking big bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\bukkake voyeur feet .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\DVD Maker\Shared\italian kicking xxx [free] ìï .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\italian cumshot lingerie catfight femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\lesbian hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian handjob gay [free] cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\blowjob big feet shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\beastiality sperm [bangbus] feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\swedish kicking trambling [free] titts gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\italian cumshot gay [free] titts ejaculation (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\black animal lesbian girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\french gay big swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob licking feet (Kathrin,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\chinese hardcore sleeping pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast full movie hole circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\hardcore licking hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\french blowjob [milf] latex .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fucking girls glans femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\german sperm licking balls .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\cumshot trambling masturbation granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse catfight cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese handjob blowjob full movie sm .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\tyrkish animal trambling uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\swedish handjob lesbian hidden glans bedroom (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\british lingerie sleeping glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\fetish sperm big ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\trambling girls (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\spanish lingerie [milf] cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\asian xxx several models mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\malaysia lesbian hidden hole .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\german horse big shower .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian kicking lingerie masturbation hole mistress (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish animal bukkake girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\hardcore big sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx masturbation latex (Sandy,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese beastiality sperm [bangbus] stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\sperm hot (!) ìï .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\sperm hot (!) titts latex (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\gang bang lingerie hot (!) bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\sperm public glans ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\asian hardcore public (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\asian horse catfight titts hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\american kicking bukkake big hole mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\tyrkish action horse voyeur hole circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\african trambling [milf] pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\fucking big hole (Sonja,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\danish nude horse masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish fetish gay public glans ash (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\canadian fucking lesbian bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\canadian lingerie licking titts .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\russian beastiality fucking girls granny (Gina,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\hardcore public hole ìï (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\handjob blowjob full movie redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\danish porn gay licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\PLA\Templates\hardcore lesbian titts .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\sperm [free] boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\hardcore voyeur stockings (Sandy,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\black gang bang beast hot (!) titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\animal fucking catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking uncut glans Ôë .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\porn hardcore licking fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\spanish lesbian big (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\bukkake lesbian feet wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\asian horse [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\russian beastiality lesbian masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\japanese porn lesbian masturbation hole (Christine,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\sperm voyeur boots (Jenna,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\fucking public (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\fetish fucking public circumcision (Christine,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\lingerie big penetration (Ashley,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3040 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 3040 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 3040 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 3040 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 2592 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 2592 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 2592 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 2592 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

Processes

C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.34.64.95.in-addr.arpa udp
US 8.8.8.8:53 131.132.182.46.in-addr.arpa udp
US 8.8.8.8:53 59.19.54.124.in-addr.arpa udp
US 8.8.8.8:53 198.3.143.18.in-addr.arpa udp
US 8.8.8.8:53 246.182.95.177.in-addr.arpa udp
US 8.8.8.8:53 114.78.139.112.in-addr.arpa udp
US 8.8.8.8:53 17.201.244.184.in-addr.arpa udp
US 8.8.8.8:53 148.202.61.223.in-addr.arpa udp
US 8.8.8.8:53 217.96.41.107.in-addr.arpa udp
US 8.8.8.8:53 99.241.254.254.in-addr.arpa udp
US 8.8.8.8:53 135.9.169.243.in-addr.arpa udp
US 8.8.8.8:53 116.100.28.71.in-addr.arpa udp
US 8.8.8.8:53 79.254.56.140.in-addr.arpa udp
US 8.8.8.8:53 44.224.178.6.in-addr.arpa udp
US 8.8.8.8:53 239.87.118.114.in-addr.arpa udp
US 8.8.8.8:53 255.172.233.194.in-addr.arpa udp
US 8.8.8.8:53 92.239.38.192.in-addr.arpa udp
US 8.8.8.8:53 171.88.221.20.in-addr.arpa udp
US 8.8.8.8:53 51.36.100.185.in-addr.arpa udp
US 8.8.8.8:53 61.51.189.143.in-addr.arpa udp
US 8.8.8.8:53 24.12.186.163.in-addr.arpa udp
US 8.8.8.8:53 232.182.103.170.in-addr.arpa udp
US 8.8.8.8:53 251.217.195.249.in-addr.arpa udp
US 8.8.8.8:53 244.153.202.245.in-addr.arpa udp
US 8.8.8.8:53 143.169.69.224.in-addr.arpa udp
US 8.8.8.8:53 4.140.95.170.in-addr.arpa udp
US 8.8.8.8:53 168.219.127.25.in-addr.arpa udp
US 8.8.8.8:53 26.131.7.135.in-addr.arpa udp
US 8.8.8.8:53 199.110.225.11.in-addr.arpa udp
US 8.8.8.8:53 189.130.189.200.in-addr.arpa udp

Files

memory/3040-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\italian cumshot lingerie catfight femdom .mpeg.exe

MD5 cbdf90a4be35580fe3e34844e774782a
SHA1 72f2e0ad3d0a9fad9ad1e96fd0431bf943ec4dc0
SHA256 2b2d871592217fbb350945fa7d516bdfb46788101c2049807ec5bd13defd05c5
SHA512 adb4d119711633cc859a69ba860013f0106fec1dd920b9d9f56e99ac929667556c7e3534236c27981d9503ed900a2e53472e065b15ac911377faec36bbb8b4e3

memory/3040-64-0x0000000005050000-0x000000000506E000-memory.dmp

memory/2592-65-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2592-88-0x0000000004CD0000-0x0000000004CEE000-memory.dmp

memory/2696-89-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-91-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2592-102-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2696-103-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-104-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-105-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-106-0x0000000005050000-0x000000000506E000-memory.dmp

memory/2592-109-0x0000000004CD0000-0x0000000004CEE000-memory.dmp

memory/3040-110-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-113-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-116-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-121-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-124-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-127-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-130-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-133-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-136-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-139-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-142-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3040-145-0x0000000000400000-0x000000000041E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 18:55

Reported

2024-04-03 18:57

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian action lingerie girls 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\action animal big feet latex .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\african gang bang sleeping hole latex (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\danish beast kicking [milf] hole black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\danish gay cum sleeping granny .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\cumshot cumshot full movie titts castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian cum sleeping mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\System32\DriverStore\Temp\asian porn voyeur feet bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\cum xxx catfight latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\gang bang xxx voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish cum trambling public .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian kicking cumshot uncut ash stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\Updates\Download\nude gay big ash (Curtney,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black horse girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Google\Temp\sperm uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\lingerie hardcore public (Britney,Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\african nude [milf] boobs bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian action horse hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian beastiality lesbian public sweet (Jenna,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese cumshot horse big sweet (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian hardcore public .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\horse [bangbus] titts (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\british bukkake kicking several models shoes (Anniston,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\dotnet\shared\indian hardcore girls circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\danish handjob [free] black hairunshaved (Liz,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish horse horse girls latex (Sarah,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lesbian trambling [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\african horse girls boobs shower (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian handjob cum [free] nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\animal blowjob masturbation fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\sperm [bangbus] traffic (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\italian action fucking several models .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\nude action girls feet pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\beastiality catfight gorgeoushorny (Kathrin,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\cum voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\spanish porn action [free] boobs Ôï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\lesbian trambling girls nipples .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\canadian sperm licking YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\german cum licking femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\japanese fetish cum masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\action cumshot masturbation vagina .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\action girls .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\PLA\Templates\lesbian sleeping mistress (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\Temp\blowjob cumshot voyeur hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\black animal blowjob [bangbus] YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\chinese handjob several models latex (Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\canadian porn lesbian nipples swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\norwegian fucking beast full movie feet fishy (Curtney,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\cumshot trambling [milf] ejaculation (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\swedish blowjob cumshot public .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\sperm [bangbus] ash upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\nude uncut vagina femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\horse voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\african horse lesbian sm .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\black action catfight redhair .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\blowjob sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\handjob beast big titts blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\norwegian sperm public castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\norwegian handjob girls .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\german gay lesbian big titts YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\security\templates\japanese action trambling public (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xxx voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\norwegian bukkake porn several models upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\lingerie fucking public sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beastiality lingerie masturbation blondie (Melissa,Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\lingerie handjob [free] bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\action animal hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\american blowjob cum hidden (Karin,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\hardcore uncut (Liz,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\american xxx licking nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\assembly\tmp\horse [milf] (Sonja,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\malaysia cum cum [milf] leather (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\italian fucking girls YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\trambling uncut legs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\hardcore action [free] cock bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\russian beastiality fucking full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\brasilian fetish hidden fishy (Sylvia,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\tyrkish action catfight shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\chinese blowjob sperm [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\beast kicking hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish gang bang catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\american fetish hardcore lesbian young .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\spanish cum porn hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\cumshot lesbian lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\malaysia cum beastiality uncut boobs .mpg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\black animal nude voyeur boobs balls (Sonja,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\danish animal bukkake big redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\hardcore full movie cock Ôï (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\beastiality [milf] castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\lesbian uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\porn kicking [bangbus] traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\french blowjob kicking sleeping girly .avi.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\black bukkake full movie cock 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3632 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 3632 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 3632 wrote to memory of 1368 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 1368 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 1368 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 1368 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 3632 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 3632 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
PID 3632 wrote to memory of 3576 N/A C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

Processes

C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe

"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 210.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 185.33.228.32.in-addr.arpa udp
US 8.8.8.8:53 75.71.62.55.in-addr.arpa udp
US 8.8.8.8:53 6.46.242.17.in-addr.arpa udp
US 8.8.8.8:53 213.122.19.2.in-addr.arpa udp
US 8.8.8.8:53 122.55.214.219.in-addr.arpa udp
US 8.8.8.8:53 27.106.136.41.in-addr.arpa udp
US 8.8.8.8:53 104.228.226.156.in-addr.arpa udp
US 8.8.8.8:53 45.66.18.183.in-addr.arpa udp
US 8.8.8.8:53 163.234.49.171.in-addr.arpa udp
US 8.8.8.8:53 248.11.211.125.in-addr.arpa udp
US 8.8.8.8:53 232.118.45.151.in-addr.arpa udp
US 8.8.8.8:53 180.116.107.210.in-addr.arpa udp
US 8.8.8.8:53 120.91.122.119.in-addr.arpa udp
US 8.8.8.8:53 25.246.110.77.in-addr.arpa udp
US 8.8.8.8:53 186.15.156.39.in-addr.arpa udp
US 8.8.8.8:53 166.238.215.199.in-addr.arpa udp
US 8.8.8.8:53 148.134.186.95.in-addr.arpa udp
US 8.8.8.8:53 187.48.237.186.in-addr.arpa udp
US 8.8.8.8:53 67.2.42.104.in-addr.arpa udp
US 8.8.8.8:53 138.85.53.225.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 158.150.14.120.in-addr.arpa udp
US 8.8.8.8:53 81.35.105.140.in-addr.arpa udp
US 8.8.8.8:53 187.145.102.247.in-addr.arpa udp
US 8.8.8.8:53 232.242.2.157.in-addr.arpa udp
US 8.8.8.8:53 1.5.5.78.in-addr.arpa udp
US 8.8.8.8:53 202.150.246.73.in-addr.arpa udp
US 8.8.8.8:53 132.61.177.178.in-addr.arpa udp
US 8.8.8.8:53 165.121.16.131.in-addr.arpa udp
US 8.8.8.8:53 7.108.60.67.in-addr.arpa udp
US 8.8.8.8:53 148.74.249.150.in-addr.arpa udp
US 8.8.8.8:53 176.72.235.52.in-addr.arpa udp
US 8.8.8.8:53 90.107.20.126.in-addr.arpa udp
US 8.8.8.8:53 213.56.166.85.in-addr.arpa udp
US 8.8.8.8:53 90.28.193.65.in-addr.arpa udp
US 8.8.8.8:53 50.131.148.82.in-addr.arpa udp
US 8.8.8.8:53 116.228.142.140.in-addr.arpa udp
US 8.8.8.8:53 44.238.18.213.in-addr.arpa udp
US 8.8.8.8:53 152.187.122.223.in-addr.arpa udp
US 8.8.8.8:53 58.224.233.161.in-addr.arpa udp
US 8.8.8.8:53 182.188.67.133.in-addr.arpa udp
US 8.8.8.8:53 125.150.110.198.in-addr.arpa udp
US 8.8.8.8:53 62.122.200.163.in-addr.arpa udp
US 8.8.8.8:53 21.147.177.210.in-addr.arpa udp
US 8.8.8.8:53 64.43.159.5.in-addr.arpa udp
US 8.8.8.8:53 155.123.21.34.in-addr.arpa udp
US 8.8.8.8:53 241.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.62.229.172.in-addr.arpa udp
US 8.8.8.8:53 62.46.2.48.in-addr.arpa udp
US 8.8.8.8:53 149.107.224.137.in-addr.arpa udp
US 8.8.8.8:53 147.168.81.179.in-addr.arpa udp
US 8.8.8.8:53 211.100.122.29.in-addr.arpa udp
US 8.8.8.8:53 132.90.252.250.in-addr.arpa udp
US 8.8.8.8:53 207.47.78.96.in-addr.arpa udp
US 8.8.8.8:53 121.205.220.195.in-addr.arpa udp
US 8.8.8.8:53 105.220.203.98.in-addr.arpa udp
US 8.8.8.8:53 34.122.212.207.in-addr.arpa udp
US 8.8.8.8:53 206.107.120.104.in-addr.arpa udp
US 8.8.8.8:53 137.7.66.56.in-addr.arpa udp
US 8.8.8.8:53 148.149.157.254.in-addr.arpa udp
US 8.8.8.8:53 207.240.5.39.in-addr.arpa udp
US 8.8.8.8:53 110.230.173.235.in-addr.arpa udp
US 8.8.8.8:53 38.121.152.250.in-addr.arpa udp
US 8.8.8.8:53 166.206.229.127.in-addr.arpa udp
US 8.8.8.8:53 62.53.227.72.in-addr.arpa udp
US 8.8.8.8:53 187.32.64.95.in-addr.arpa udp
US 8.8.8.8:53 190.5.141.161.in-addr.arpa udp
US 8.8.8.8:53 159.108.78.27.in-addr.arpa udp
US 8.8.8.8:53 6.164.247.189.in-addr.arpa udp
US 8.8.8.8:53 246.242.177.24.in-addr.arpa udp
US 8.8.8.8:53 179.119.40.253.in-addr.arpa udp
US 8.8.8.8:53 69.70.124.77.in-addr.arpa udp
US 8.8.8.8:53 178.39.159.197.in-addr.arpa udp
US 8.8.8.8:53 252.177.233.93.in-addr.arpa udp
US 8.8.8.8:53 74.110.73.48.in-addr.arpa udp
US 8.8.8.8:53 100.104.209.14.in-addr.arpa udp
US 8.8.8.8:53 16.251.200.111.in-addr.arpa udp
US 8.8.8.8:53 29.181.5.71.in-addr.arpa udp
US 8.8.8.8:53 30.23.254.107.in-addr.arpa udp

Files

memory/3632-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian action horse hot (!) .avi.exe

MD5 66b079aa21688400ae11743f74c5caa7
SHA1 9b510e583506953584cd62129d6e09f7df44fe89
SHA256 faff241aa3665d7002827e9e3c716732b49308dc8f02a8f8b4e220fa02868b0d
SHA512 e82b2cad8eca110739334084f29664df43db426e3a0568df991c8250a2cf95f8df66a84a335afb0205842c859d0434d9e7f437998b9078014071b5e5025d7c57

memory/1368-97-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3872-166-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3576-170-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-186-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1368-187-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3872-188-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-191-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-197-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-208-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-212-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-217-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-221-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-225-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-229-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-233-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-237-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-241-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-245-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3632-249-0x0000000000400000-0x000000000041E000-memory.dmp