Analysis Overview
SHA256: 1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd
Threat Level: Known bad
The file 1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-03 18:51
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 18:51
Reported: 2024-04-03 18:54
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 149s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd.exe
"C:\Users\Admin\AppData\Local\Temp\1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd.exe"
Network
Files
memory/1912-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\horse [bangbus] .zip.exe
| MD5 | adb9367884da0fa836870b96edd46011 |
| SHA1 | 0fcce10ff2186f30f4741b05009e29955c65a03d |
| SHA256 | b22bc787c2937522b1bffd84ac12ba622cfc6bf62cecca9090d2111958a9a312 |
| SHA512 | 91ce44359622a2c8a6e83471c4a82d0e2b9b6a673a1a0e7fbbf00eb2b2e1890b01a25516560da737f46c4573727e9edf480d53dd3e22ad356a6de3e081ea535c |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 18:51
Reported: 2024-04-03 18:54
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 151s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd.exe
"C:\Users\Admin\AppData\Local\Temp\1314259fe21d8ee8102c8ed70c9b2e90113c085daa1d5842af6ccd53778560cd.exe"
Network
Files
memory/4668-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse [bangbus] .zip.exe
| MD5 | adb9367884da0fa836870b96edd46011 |
| SHA1 | 0fcce10ff2186f30f4741b05009e29955c65a03d |
| SHA256 | b22bc787c2937522b1bffd84ac12ba622cfc6bf62cecca9090d2111958a9a312 |
| SHA512 | 91ce44359622a2c8a6e83471c4a82d0e2b9b6a673a1a0e7fbbf00eb2b2e1890b01a25516560da737f46c4573727e9edf480d53dd3e22ad356a6de3e081ea535c |