Analysis Overview
SHA256: 091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5
Threat Level: Known bad
The file 091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-03 18:24
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 18:24
Reported: 2024-04-03 18:27
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"
Network
Files
memory/2020-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\norwegian porn animal several models hairy .avi.exe
| MD5 | 758a114b05413211d9f50f2fb1732156 |
| SHA1 | eaf0695171f72b0331bc5b92480296121e0caf3a |
| SHA256 | baf15d29bd5be1bc12413d361128f5ddd7211497cab0e0983eeb5fc72abe7bf9 |
| SHA512 | 0c365f7ded5dc0d2850684a12de1dcb66c57b4fc3f2f6ee42d18a42339e0bdb26b5680d3efd0e49d43a0e867a1f72720195c3c3c585c6af9295b4d8f484c4928 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 18:24
Reported: 2024-04-03 18:27
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude lesbian swallow .rar.exe
| MD5 | 3d3e40026616360e0e514b4bb20f360b |
| SHA1 | 9b8f8186b3d44f7225442e35d2b8041b78882678 |
| SHA256 | 8c7ef2cb12a5e61ae810ba2cf9bc32fd8789c3a84fdaa21bde92b568eb32ba65 |
| SHA512 | 83354884bf0ef128c21fedff4b7730a0f4f736fc8482af68658d8682e6f32f88af36ffff4e3d51edf91e4984b1e3132474ae91fd7ca177de59325c8be5a122e2 |