Analysis Overview
SHA256
243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64
Threat Level: Known bad
The file 243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:28
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:28
Reported
2024-04-03 19:31
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"
C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"
C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"
C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"
Network
Files
memory/224-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american beastiality gay hidden fishy .mpeg.exe
| MD5 | 63be618c1304964c87b6c3951ae473d0 |
| SHA1 | b71ef70e37c43de8b314622eea6e9e3c0de50700 |
| SHA256 | d3e6b40b16a815291e2b95c2777835b28805500037ae927b608f1aab2e4e60ca |
| SHA512 | 9f0bd26ebec716bef3fad730113ff719ecadead395a57eed29a5be85c62555edb75420632e8642cb78462e1ff48d33ce6f0087e902d78624390116c588df1ea6 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:28
Reported
2024-04-03 19:31
Platform
win7-20240221-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"
Network
Files
memory/2320-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\indian animal bukkake [milf] upskirt .mpg.exe
| MD5 | 553f80d628e5674524040d702e2550ce |
| SHA1 | 7c2e02f2a9c1aeaca3338190c851d1ad5ee7a6ab |
| SHA256 | 1a7e68a7d754ab8a56f231e8f5dc840f6fee98e4b8a87e92d147ec4dada256ea |
| SHA512 | 3dce8ac05fbee88267d7fe23ab83bcf3abe7f295a90de8eb802f3954a9d509b02a95712a85c07818d1ca32731c4a5c0da18981b71fa4686db2e2695eb2e50a19 |