Analysis Overview
SHA256
155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a
Threat Level: Known bad
The file 155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-03 18:55
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 18:55
Reported: 2024-04-03 18:57
Platform: win7-20231129-en
Max time kernel: 150s
Max time network: 149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\FxsTmp\gang bang fucking uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\lesbian [milf] shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\italian porn trambling [milf] girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\trambling uncut glans balls (Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\beast several models glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx licking hole (Gina,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse big mistress .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\american cum bukkake masturbation boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\brasilian cumshot bukkake voyeur shower (Ashley,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\danish gang bang xxx full movie titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\xxx big redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\gay [bangbus] black hairunshaved .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\horse [milf] glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\tyrkish porn lingerie [milf] .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\indian kicking sperm uncut high heels (Anniston,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\trambling voyeur fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian handjob horse [milf] cock 50+ (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\hardcore several models (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\japanese fetish lingerie licking circumcision .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian gang bang fucking big bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\bukkake voyeur feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\italian kicking xxx [free] ìï .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\italian cumshot lingerie catfight femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\lesbian hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian handjob gay [free] cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\blowjob big feet shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\beastiality sperm [bangbus] feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\swedish kicking trambling [free] titts gorgeoushorny .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\italian cumshot gay [free] titts ejaculation (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\black animal lesbian girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\french gay big swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob licking feet (Kathrin,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\chinese hardcore sleeping pregnant .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast full movie hole circumcision .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\hardcore licking hairy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\french blowjob [milf] latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fucking girls glans femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\german sperm licking balls .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\cumshot trambling masturbation granny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse catfight cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese handjob blowjob full movie sm .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\tyrkish animal trambling uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\swedish handjob lesbian hidden glans bedroom (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\british lingerie sleeping glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\fetish sperm big ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\trambling girls (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\spanish lingerie [milf] cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\asian xxx several models mature .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\malaysia lesbian hidden hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\german horse big shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian kicking lingerie masturbation hole mistress (Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\tyrkish animal bukkake girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\hardcore big sm .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\xxx masturbation latex (Sandy,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese beastiality sperm [bangbus] stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\sperm hot (!) ìï .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\sperm hot (!) titts latex (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\gang bang lingerie hot (!) bedroom .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\sperm public glans ejaculation .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\asian hardcore public (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\asian horse catfight titts hairy .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\american kicking bukkake big hole mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\tyrkish action horse voyeur hole circumcision .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\african trambling [milf] pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\fucking big hole (Sonja,Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\danish nude horse masturbation .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish fetish gay public glans ash (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\canadian fucking lesbian bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\canadian lingerie licking titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\russian beastiality fucking girls granny (Gina,Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\hardcore public hole ìï (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\handjob blowjob full movie redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\danish porn gay licking .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\PLA\Templates\hardcore lesbian titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\sperm [free] boots .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\hardcore voyeur stockings (Sandy,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\black gang bang beast hot (!) titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\animal fucking catfight .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking uncut glans Ôë .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\porn hardcore licking fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\spanish lesbian big (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\bukkake lesbian feet wifey .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\asian horse [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\russian beastiality lesbian masturbation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\japanese porn lesbian masturbation hole (Christine,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\sperm voyeur boots (Jenna,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\fucking public (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\fetish fucking public circumcision (Christine,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\lingerie big penetration (Ashley,Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"
C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"
C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"
Network
Files
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\italian cumshot lingerie catfight femdom .mpeg.exe
| MD5 | cbdf90a4be35580fe3e34844e774782a |
| SHA1 | 72f2e0ad3d0a9fad9ad1e96fd0431bf943ec4dc0 |
| SHA256 | 2b2d871592217fbb350945fa7d516bdfb46788101c2049807ec5bd13defd05c5 |
| SHA512 | adb4d119711633cc859a69ba860013f0106fec1dd920b9d9f56e99ac929667556c7e3534236c27981d9503ed900a2e53472e065b15ac911377faec36bbb8b4e3 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 18:55
Reported: 2024-04-03 18:57
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian action lingerie girls 50+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\action animal big feet latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\african gang bang sleeping hole latex (Ashley).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\danish beast kicking [milf] hole black hairunshaved .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\danish gay cum sleeping granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\cumshot cumshot full movie titts castration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian cum sleeping mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\asian porn voyeur feet bedroom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\cum xxx catfight latex .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\gang bang xxx voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish cum trambling public .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian kicking cumshot uncut ash stockings .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\Updates\Download\nude gay big ash (Curtney,Britney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black horse girls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\sperm uncut .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\lingerie hardcore public (Britney,Christine).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\african nude [milf] boobs bedroom .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian action horse hot (!) .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian beastiality lesbian public sweet (Jenna,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese cumshot horse big sweet (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian hardcore public .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\horse [bangbus] titts (Gina).zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\british bukkake kicking several models shoes (Anniston,Kathrin).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\indian hardcore girls circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\danish handjob [free] black hairunshaved (Liz,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish horse horse girls latex (Sarah,Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lesbian trambling [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\african horse girls boobs shower (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian handjob cum [free] nipples .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\animal blowjob masturbation fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\sperm [bangbus] traffic (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\italian action fucking several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\nude action girls feet pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\beastiality catfight gorgeoushorny (Kathrin,Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\cum voyeur .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\spanish porn action [free] boobs Ôï .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\lesbian trambling girls nipples .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\canadian sperm licking YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\german cum licking femdom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\japanese fetish cum masturbation .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\action cumshot masturbation vagina .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\action girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\PLA\Templates\lesbian sleeping mistress (Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\Temp\blowjob cumshot voyeur hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\black animal blowjob [bangbus] YEâPSè& .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\chinese handjob several models latex (Anniston).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\canadian porn lesbian nipples swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\norwegian fucking beast full movie feet fishy (Curtney,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\cumshot trambling [milf] ejaculation (Britney).zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\swedish blowjob cumshot public .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\sperm [bangbus] ash upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\nude uncut vagina femdom .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\horse voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\african horse lesbian sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\black action catfight redhair .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\blowjob sleeping .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\handjob beast big titts blondie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\norwegian sperm public castration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\norwegian handjob girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\german gay lesbian big titts YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\security\templates\japanese action trambling public (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xxx voyeur .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\norwegian bukkake porn several models upskirt .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\lingerie fucking public sweet .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beastiality lingerie masturbation blondie (Melissa,Ashley).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\lingerie handjob [free] bedroom .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\action animal hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\american blowjob cum hidden (Karin,Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\hardcore uncut (Liz,Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\american xxx licking nipples .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\assembly\tmp\horse [milf] (Sonja,Gina).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\malaysia cum cum [milf] leather (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\italian fucking girls YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\trambling uncut legs .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\hardcore action [free] cock bedroom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\russian beastiality fucking full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\brasilian fetish hidden fishy (Sylvia,Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\tyrkish action catfight shoes .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\chinese blowjob sperm [milf] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\beast kicking hidden .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish gang bang catfight .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\american fetish hardcore lesbian young .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\spanish cum porn hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\cumshot lesbian lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\malaysia cum beastiality uncut boobs .mpg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\black animal nude voyeur boobs balls (Sonja,Britney).avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\danish animal bukkake big redhair .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\hardcore full movie cock Ôï (Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\beastiality [milf] castration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\lesbian uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\porn kicking [bangbus] traffic .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\french blowjob kicking sleeping girly .avi.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\black bukkake full movie cock 50+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe | N/A |
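The "Adds Run key to start application" and the three "Drops file in ..." tables above describe one pattern: the sample copies itself under dozens of decoy names (a media or archive extension followed by `.exe`, with a space before the extension) into shared, Temp and side-by-side folders, and separately drops `C:\Windows\mssrv.exe`, which is the target of the `mssrv32` Run value. The following script is an added example, not part of the sandbox report or of the sample, that parses a handful of the indicator strings copied from those tables (the input list is constructed from the rows above) and separates the decoy copies from the persistence binary, then links the Run-key target back to the file-creation events. The regular expressions and the extension list are the author's assumptions, chosen to match the names seen here.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the "File created" paths and the
# "Set value (str)" indicator from the behavioral2 tables above.
DROPPED_FILES = [
    r"C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\action girls .avi.exe",
    r"C:\Windows\WinSxS\Temp\blowjob cumshot voyeur hotel .avi.exe",
    r"C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xxx voyeur .mpg.exe",
    r"C:\Windows\SysWOW64\FxsTmp\gang bang xxx voyeur .zip.exe",
    r"C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian hardcore public .rar.exe",
    r"C:\Program Files (x86)\Google\Temp\sperm uncut .rar.exe",
    r"C:\Windows\mssrv.exe",
]
RUN_KEY_INDICATOR = (
    r'\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32'
    r' = "C:\\Windows\\mssrv.exe"'
)

# Media/archive extension immediately followed by .exe: the "video file" decoy.
# Extension list is an assumption; extend it for other families.
DECOY_RE = re.compile(r"\.(avi|mpe?g|wmv|mp4|zip|rar|7z)\.exe$", re.IGNORECASE)
# Run value name, then the quoted target; the report escapes backslashes there.
RUN_RE = re.compile(r'\\Run\\([^\\=\s]+)\s*=\s*"(.*)"$')


def is_decoy_name(path: str) -> bool:
    """True for a double-extension executable posing as media or an archive."""
    return DECOY_RE.search(path) is not None


def drop_root(path: str) -> str:
    """Top-level folder a drop landed in, e.g. 'Windows' or 'Program Files (x86)'."""
    parts = path.split("\\")
    return parts[1] if len(parts) > 1 else ""


def summarize_drops(paths):
    """Separate decoy copies from other dropped binaries and count drop roots."""
    decoys = [p for p in paths if is_decoy_name(p)]
    others = [p for p in paths if not is_decoy_name(p)]
    return {
        "decoys": decoys,
        "other_binaries": others,
        "roots": Counter(drop_root(p) for p in decoys),
    }


def parse_run_value(indicator: str):
    """Return (value_name, target_path) from a 'Set value' Run-key indicator."""
    m = RUN_RE.search(indicator)
    if not m:
        return None
    name, target = m.group(1), m.group(2).replace("\\\\", "\\")
    return name, target


def correlate_persistence(paths, run_indicator):
    """Link the Run-key target back to the file-creation events."""
    parsed = parse_run_value(run_indicator)
    if parsed is None:
        return {"persistence": False}
    name, target = parsed
    dropped = {p.lower() for p in paths}
    return {
        "persistence": True,
        "value_name": name,
        "target": target,
        "target_was_dropped": target.lower() in dropped,
        "target_is_decoy": is_decoy_name(target),
    }


if __name__ == "__main__":
    summary = summarize_drops(DROPPED_FILES)
    print(f"{len(summary['decoys'])} decoy copies, roots: {dict(summary['roots'])}")
    print(correlate_persistence(DROPPED_FILES, RUN_KEY_INDICATOR))
```

Run against the full tables, the decoy list is what to hunt for on file shares (the names are random, the `<space>.<media>.exe` shape is not), while the Run value plus a dropped binary directly under `C:\Windows` is the persistence pair to remove first; the script reports the latter as `target_was_dropped` so the two tables are read together rather than as separate findings.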
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"
C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"
C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"
C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe
"C:\Users\Admin\AppData\Local\Temp\155a1ee5c61a80243db4bceab6d17b4ebb58684073e6f249d272274c702cc36a.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 210.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.33.228.32.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.71.62.55.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.46.242.17.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.122.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.55.214.219.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.106.136.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.228.226.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.66.18.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.234.49.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.11.211.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.118.45.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.116.107.210.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.91.122.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.246.110.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.15.156.39.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.238.215.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.134.186.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.48.237.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.2.42.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.85.53.225.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian action horse hot (!) .avi.exe
| MD5 | 66b079aa21688400ae11743f74c5caa7 |
| SHA1 | 9b510e583506953584cd62129d6e09f7df44fe89 |
| SHA256 | faff241aa3665d7002827e9e3c716732b49308dc8f02a8f8b4e220fa02868b0d |
| SHA512 | e82b2cad8eca110739334084f29664df43db426e3a0568df991c8250a2cf95f8df66a84a335afb0205842c859d0434d9e7f437998b9078014071b5e5025d7c57 |