Malware Analysis Report

2025-03-14 22:51

Sample ID 240406-1p9a2acf93
Target 6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5
SHA256 6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5

Threat Level: Known bad

The file 6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 21:50

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 21:50

Reported

2024-04-06 21:53

Platform

win7-20240319-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1640 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe
PID 2580 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

Network

Country Destination Domain Proto

Files

memory/1640-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\malaysia handjob voyeur .mpg.exe

MD5 fb7e10306f1f575b3bfe1623e1539d6f
SHA1 256e2de7eba6c9674b4cad093009faee708342e7
SHA256 3b969436bd581966344b8fe175b06077f8f87e4c4f528d1e54363dac68be018f
SHA512 b12f5acadb3fa5aa72f15ca6213acc05b0eece2ebf31b6f92d1b3f2134ae35f95fdb330cb3d4b7edab2cd2777b598f44bc8ec32988c35179b971ef7f9a553f9e

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 21:50

Reported

2024-04-06 21:53

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\asian kicking animal [free] latex (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\spanish fetish cum full movie beautyfull (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast horse big vagina .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian horse sleeping pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\asian gang bang hot (!) shower .rar.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\black action full movie hole leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\hardcore lesbian balls .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american fetish sleeping nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\german beast hot (!) (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\canadian lingerie blowjob full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\african kicking lesbian masturbation ash shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\tyrkish trambling blowjob uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\norwegian action licking vagina young .rar.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian lesbian animal hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\black animal big mature (Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Google\Temp\gay uncut glans (Ashley).rar.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\american cumshot cum catfight black hairunshaved (Gina,Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian horse porn voyeur boobs latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\indian gang bang beast [bangbus] femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\african beast uncut (Janette,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\beast uncut beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\asian handjob cum hidden vagina boots .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5927.tmp\bukkake [bangbus] beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\african lesbian uncut ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\porn hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\swedish hardcore masturbation ash hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\hardcore hot (!) nipples .mpg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\kicking gang bang [milf] hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gang bang lingerie hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\dotnet\shared\blowjob licking sm .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian sperm [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\chinese gay several models high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\danish fetish masturbation (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\asian lesbian animal [milf] ash blondie (Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\danish lesbian several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\bukkake [free] nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\black cum several models .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\fucking [milf] young .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\fetish handjob licking redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\nude gang bang licking titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\lesbian cumshot hidden beautyfull (Jenna,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\russian porn porn hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\black trambling catfight ash .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\cumshot hot (!) boobs mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\danish sperm horse big cock swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\horse gay hidden vagina penetration (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\black animal big nipples .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\norwegian animal kicking [bangbus] lady (Britney,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\norwegian bukkake fetish uncut beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\gay catfight titts bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\french action [milf] legs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\indian nude fetish voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\norwegian hardcore public vagina 50+ (Sandy,Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\brasilian lingerie gay sleeping sm (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\italian horse masturbation vagina pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\porn animal sleeping lady .zip.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1940 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe
PID 1940 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe
PID 1848 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe

"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"

Network

Country Destination Domain Proto

Files

memory/1940-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\porn hidden .avi.exe

MD5 4148e33b4131372a9f2990aff8c821ae
SHA1 bfe666bd481504e6a3ee3c64cd21591dc9f4b544
SHA256 7fa7f5845e2c2bf948e497fb3491dbb9c046a24d2660986356194f93cc134cc4
SHA512 686a99b78860c6cbd8bfd33f1915084cddc10020f86e0f2274299c6f4a1300e60c24c88660bc98baafd518f856e6288d3b4ff6973569f977eef579acbda7fc50
