Malware Analysis Report

2025-03-14 22:54

Sample ID: 240406-1qj3jaca5v
Target: 6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80
SHA256: 6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80
Tags: upx, persistence, spyware, stealer
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80

Threat Level: Known bad

The file 6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-06 21:51

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-06 21:51
Reported: 2024-04-06 21:53
Platform: win7-20240215-en
Max time kernel: 150s
Max time network: 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1888 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe
PID 2564 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe

"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"

C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe

"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"

C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe

"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"

Network

Country Destination Domain Proto

Files

memory/1888-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\xxx several models (Christine,Sonja).avi.exe

MD5 c78ea24a00186e052402b4339e2eae4d
SHA1 7505f99c0f96ebb73267220256db97317b9e2251
SHA256 17918c22810ec7a3033027f8874db356d22e6f60f2581f94451596e91d9700c8
SHA512 d91d62559f406d338c9f7d84f544afe317ac1db6dff8e68ac86059cf8b10bce936f2586ab159aab715e56d4dfd0a7ad397600b424d29627089c6cf8f490383da

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 21:51

Reported

2024-04-06 21:53

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\norwegian beastiality gang bang [bangbus] vagina pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\horse lesbian [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\action catfight (Melissa,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\german lingerie catfight beautyfull (Anniston,Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese lesbian handjob sleeping lady (Sarah,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish lingerie nude uncut balls .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\System32\DriverStore\Temp\british cum public .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\british hardcore hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\nude [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\danish horse porn several models ash .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese cumshot [bangbus] sweet (Tatjana,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\cum uncut balls (Samantha,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\brasilian handjob sperm voyeur high heels (Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish hardcore bukkake girls (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\trambling full movie titts hairy (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\french horse hot (!) girly (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lingerie blowjob licking blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\hardcore lingerie catfight ash high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\russian horse cum catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\brasilian cum voyeur hole Ôï .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\dotnet\shared\russian gang bang lingerie catfight stockings (Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\indian horse [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish kicking sperm big (Gina,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\japanese cum big penetration (Tatjana,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\french blowjob animal hidden (Liz,Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx several models (Christine,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian horse full movie lady .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\brasilian beastiality voyeur traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files (x86)\Google\Temp\cumshot uncut bondage (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\spanish lingerie lesbian nipples bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\animal fucking several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\norwegian animal several models traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\kicking girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\xxx catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\german nude big boobs granny .zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\fetish hidden titts traffic (Karin,Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\russian lesbian public stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\canadian lesbian handjob licking titts leather .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\french cum nude catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\hardcore cumshot several models (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\lingerie licking (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\german nude nude public .rar.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\asian gay beast sleeping upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\black trambling big .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\black animal girls boobs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\asian gang bang animal voyeur 40+ (Sarah,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\chinese porn porn [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\xxx trambling [bangbus] ash .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\xxx porn [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\american porn horse lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\tyrkish gay kicking hidden glans black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\gay sleeping hole .avi.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\malaysia kicking bukkake girls hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\chinese lingerie full movie ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\french hardcore full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3892 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe
PID 2404 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe

"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"

C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe

"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"

C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe

"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"

Network

Country Destination Domain Proto

Files

memory/3892-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx several models (Christine,Sonja).avi.exe

MD5 c78ea24a00186e052402b4339e2eae4d
SHA1 7505f99c0f96ebb73267220256db97317b9e2251
SHA256 17918c22810ec7a3033027f8874db356d22e6f60f2581f94451596e91d9700c8
SHA512 d91d62559f406d338c9f7d84f544afe317ac1db6dff8e68ac86059cf8b10bce936f2586ab159aab715e56d4dfd0a7ad397600b424d29627089c6cf8f490383da
