Analysis Overview
SHA256: 1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79
Threat Level: Known bad
The file 1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2024-04-03 18:59
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 18:59
Reported: 2024-04-03 19:04
Platform: win7-20240221-en
Max time kernel: 224s
Max time network: 262s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe
"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 153.195.152.246.in-addr.arpa | udp |
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\nude animal several models girly (Tatjana,Ashley).avi.exe
| MD5 | 520ecc40f27b8e6e7c1cc1f8d88adaf5 |
| SHA1 | f7165f97b3ea5d30beafcd4a50fb89e286649707 |
| SHA256 | 85ccbf10101025d84d0e3a18ed2f34b5f6795aface41a6e1309bbcb78a75eea3 |
| SHA512 | ce4a685aa8a78336df1e7335cc403222e064a2446a5ac392b85c178970f2368146c1b91f9958b7816dbc18686cb7785a80c409b51d21f22be5ca47e30118d89a |
C:\debug.txt
| MD5 | ac8b9d29b7190285213e2bc68c27a05f |
| SHA1 | c9a89c66b2cfa80c0082ef2a5ffbdf5d818c1d74 |
| SHA256 | 219bce714198b0eeae20f0a95c246d3b67d8e77907f149312e4462dbefa5b13f |
| SHA512 | 91d807d1423c1f06867bda90bbf6445be286a42fe784d04892fd2b50a51643cba4d3ed7e25f26f83d41085f9f107fc5faeeda99609d86b32dba35f3bcf73a8dd |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 18:59
Reported: 2024-04-03 19:02
Platform: win10v2004-20240226-en
Max time kernel: 161s
Max time network: 162s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe
"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4880 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8
Network
Files