Analysis Overview
SHA256
108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7
Threat Level: Known bad
The file 108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 18:45
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 18:45
Reported
2024-04-03 18:48
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\spanish lesbian fucking hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\asian trambling several models shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\bukkake uncut legs pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast bukkake uncut (Tatjana,Gina).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese xxx gay sleeping swallow (Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\tyrkish blowjob hot (!) circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\german porn hidden .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\lesbian [milf] glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\malaysia lesbian gay voyeur feet bedroom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\beast several models feet girly (Christine,Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\british lingerie lingerie hot (!) nipples sweet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish xxx beastiality hidden cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\shared\japanese blowjob masturbation .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\swedish fetish porn hot (!) (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian lesbian hidden (Sonja).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\danish animal licking mistress (Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\cumshot trambling masturbation upskirt (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\blowjob hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\african action licking black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\british porn lesbian shoes .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\chinese kicking uncut (Curtney,Anniston).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie sleeping boots (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\brasilian trambling lesbian several models nipples (Janette,Christine).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\chinese beast masturbation legs sm (Samantha,Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\danish cum sleeping pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian animal nude [bangbus] pregnant (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\spanish beastiality catfight boobs .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\african blowjob lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\xxx sleeping ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\sperm trambling licking .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\black sperm bukkake hot (!) .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\InputMethod\SHARED\fetish licking castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\cum horse [bangbus] ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\asian gay several models boots (Jade,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\cumshot kicking [bangbus] (Britney).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\french handjob kicking [free] YEâPSè& (Kathrin).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\brasilian lingerie hidden legs (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\danish cumshot [bangbus] 40+ (Curtney,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\beastiality masturbation penetration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\chinese handjob fucking lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\blowjob full movie high heels (Karin,Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\canadian bukkake animal sleeping 40+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob animal several models feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\french horse uncut .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\german lesbian lingerie hot (!) vagina (Sandy,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\russian gay trambling several models glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\black hardcore handjob [milf] (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\kicking fucking full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\malaysia blowjob uncut titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\italian kicking [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\malaysia hardcore beast full movie (Curtney,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\swedish horse girls cock (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\kicking kicking big .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\cumshot sleeping titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\indian horse lingerie lesbian glans (Sonja,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\japanese cum big feet penetration .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\danish beastiality hidden girly (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\brasilian action nude hidden (Ashley).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\horse voyeur .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\italian trambling beastiality voyeur .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\swedish action voyeur Ôï (Gina,Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\british sperm nude voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\kicking porn catfight bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\russian animal catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\CbsTemp\horse hidden feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\porn public fishy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\gang bang nude [free] sm (Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\bukkake horse lesbian legs bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\german horse big stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\spanish cum [free] nipples leather (Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\action bukkake uncut nipples black hairunshaved .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\swedish lingerie cum uncut legs .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\lesbian licking glans balls .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\action cumshot [bangbus] (Sandy).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\horse trambling masturbation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\chinese gang bang sperm lesbian traffic .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian beast horse hidden (Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\malaysia nude hot (!) legs .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\spanish blowjob big (Jenna).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\cumshot [free] legs .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\indian gay animal several models granny (Curtney,Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\indian hardcore licking (Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\porn cum hidden vagina 40+ (Britney,Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\porn blowjob voyeur (Liz,Jenna).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\fucking public .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\french handjob horse hot (!) hole swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\porn fetish masturbation bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\blowjob sleeping bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\blowjob fetish voyeur legs shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\beastiality licking .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\swedish gang bang cumshot hidden (Liz,Anniston).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\beast animal hidden gorgeoushorny (Gina).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\fucking lingerie full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\african gay blowjob big ejaculation .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\beastiality big vagina (Gina,Kathrin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"
C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"
C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"
C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"
Network
| US | 8.8.8.8:53 | 243.49.23.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.74.202.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.213.21.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.145.226.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.7.250.24.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.248.191.33.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
Files
memory/2964-0-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian animal nude [bangbus] pregnant (Samantha).mpeg.exe
| MD5 | c0e7c5ab583f0c5dc3ba8ceffff7bf83 |
| SHA1 | 080c3d42fdea2dea9d0908aeab1ea64e3a5b527c |
| SHA256 | 4694bb1132794b928fd71438986974eb447dd87da16ea46a0a7feaedf87c75cc |
| SHA512 | d0696d5b7d8bf1f05fb5451958465207d261c473db2525cc581605ec69bdc05c2e80398af9e56f012998fd24efb5264c552a45f81ed7da22a11584f9113f4340 |
memory/1568-55-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2188-170-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1228-171-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-189-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1568-190-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2188-192-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1228-193-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-194-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-200-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-210-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-214-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-219-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-223-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-227-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-231-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-235-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-239-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-243-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-247-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2964-251-0x0000000000400000-0x000000000041B000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 18:45
Reported
2024-04-03 18:48
Platform
win7-20240221-en
Max time kernel
154s
Max time network
163s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\IME\shared\gay lesbian catfight ejaculation (Ashley,Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\kicking girls legs .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia fetish fucking hidden (Britney,Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\african trambling several models .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\gang bang sleeping titts mature (Sandy,Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\japanese animal cum [free] 40+ (Anniston).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\italian xxx hot (!) ìï (Jenna).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\asian handjob porn [bangbus] feet .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\beastiality big .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn fucking licking vagina blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\chinese porn sperm [bangbus] fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\bukkake nude public vagina young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast action hot (!) wifey .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\horse masturbation nipples mistress (Tatjana,Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\japanese kicking [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\fucking gang bang girls black hairunshaved .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\handjob kicking [milf] 50+ (Samantha,Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\indian horse sperm [free] shower .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\tyrkish lesbian hidden beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\black action lingerie licking gorgeoushorny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\swedish fucking licking boobs .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\black cum several models lady .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish fucking uncut glans (Sonja,Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\handjob nude big high heels .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german horse hardcore [milf] glans .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\russian beastiality animal public .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\indian cum masturbation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\spanish gang bang porn lesbian swallow (Sandy,Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\norwegian trambling hot (!) glans ìï .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\fetish lesbian sleeping bedroom (Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\fetish trambling voyeur .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\brasilian blowjob bukkake hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\action licking boobs sweet (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian cum xxx [bangbus] girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\gang bang beastiality [free] 40+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\xxx voyeur swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\swedish action voyeur feet black hairunshaved .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\asian horse [free] boobs wifey .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\fucking beastiality lesbian ash high heels (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\trambling [free] vagina .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\danish horse public .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\norwegian horse big girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\hardcore big balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gang bang xxx [bangbus] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\kicking lesbian beautyfull (Ashley,Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\assembly\tmp\trambling action licking vagina (Christine).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\trambling girls hotel .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\nude full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\german xxx [bangbus] ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\british kicking voyeur .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\kicking full movie mistress .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\brasilian cumshot sleeping feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\malaysia gang bang animal masturbation glans penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\fucking trambling hot (!) castration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\italian nude hidden sm (Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\black lesbian hot (!) granny (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn xxx uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\handjob hidden glans castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\black beastiality voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\beastiality catfight (Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\norwegian fucking masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\hardcore blowjob hot (!) vagina traffic .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\beast beast [bangbus] swallow .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\asian sperm sleeping hairy (Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\cumshot [milf] fishy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\spanish beast girls young .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\chinese horse [free] boobs leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\asian fetish lesbian [bangbus] mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\tyrkish fucking lesbian voyeur glans (Sonja,Christine).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\porn [free] feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese beastiality blowjob hot (!) .avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\fetish horse hot (!) .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\norwegian horse [milf] wifey .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\blowjob masturbation penetration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\fetish sleeping blondie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\american beastiality beast masturbation (Janette,Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\british horse lesbian catfight femdom (Karin,Jenna).rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\action xxx uncut femdom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\chinese beast porn [milf] cock (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\beast beast lesbian bedroom .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\cum hot (!) granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\horse trambling full movie hole hairy .zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\chinese beast [free] ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\fetish sleeping fishy (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\black beast [milf] girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\cum nude several models .rar.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\blowjob masturbation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\hardcore hidden young (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"
C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"
C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe
"C:\Users\Admin\AppData\Local\Temp\108a34d9c5263d13c6380872b7a788e7651acb29edbb4965eee2dfda54f3d7d7.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 166.207.116.25.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.207.117.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.202.7.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.190.84.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.113.201.242.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.245.30.29.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.82.74.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.155.59.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.98.150.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.28.233.231.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.137.198.220.in-addr.arpa | udp |
Files
memory/2860-0-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-4-0x00000000046D0000-0x00000000046EB000-memory.dmp
memory/2156-5-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\black action lingerie licking gorgeoushorny .mpg.exe
| MD5 | c13d35bfb575722361f8a0c51818d546 |
| SHA1 | 6d2af12f5655eda7b6d07446b58846a7b7fdf2ad |
| SHA256 | 51d2ab1502a63a8df0fb8b5384bfda1b0b2f444a2566bb4dfe059fa6a2f76ebe |
| SHA512 | e62fcace23eb4917ef66ff7ca46fe27336c010b3fb9c9de59e554829cf3ba3a392088ccfea491b73c70928968dd7a16ad06516dfa95d3609ba27e73ccccc736f |
memory/2156-28-0x00000000047C0000-0x00000000047DB000-memory.dmp
memory/2616-29-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-63-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2156-64-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2616-65-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-70-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-89-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-95-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-98-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-101-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-104-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-107-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-111-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-124-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-127-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-130-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-135-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-138-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2860-141-0x0000000000400000-0x000000000041B000-memory.dmp