Analysis Overview
SHA256
21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b
Threat Level: Known bad
The file 21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b was found to be: Known bad.
Malicious Activity Summary
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:21
Signatures
Detects executables containing possible sandbox analysis VM usernames
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:21
Reported
2024-04-03 19:23
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"
C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"
C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:21
Reported
2024-04-03 19:23
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"
C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"
C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"
C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"
Network
Files
memory/2244-0-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian full movie feet (Sandy,Sylvia).mpeg.exe
| MD5 | 1d29952cd372fbece9f22944f3c4d116 |
| SHA1 | ae25625bcd24834f4e19457d1bd3b14ddb278aee |
| SHA256 | 58de123f1cb3efc1f3840557db6ae92b87c60558b08e31143c58a93e0b3ea767 |
| SHA512 | b60ee6db46a565a6cf70d9ab76e673d39ed2da988e24a711c51a900eef7ba02f797188d9fea80b54b5145d717ead84d7db9a3026ded7616683e9f1edb0f4bcd7 |
memory/1908-44-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3712-165-0x0000000000400000-0x000000000042B000-memory.dmp