Analysis Overview
SHA256
1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a
Threat Level: Known bad
The file 1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:01
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:01
Reported
2024-04-03 19:04
Platform
win7-20240221-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie public redhair .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\bukkake catfight penetration (Kathrin,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian handjob lesbian uncut shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\italian kicking beast full movie black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\gay voyeur Ôë .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\russian horse xxx lesbian circumcision (Jenna,Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\cumshot fucking masturbation leather .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\swedish action blowjob [bangbus] latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\sperm several models hairy (Sandy,Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\american action lingerie several models cock gorgeoushorny (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\brasilian nude fucking [milf] hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\american cumshot trambling big mature .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\swedish beastiality lesbian licking bondage (Anniston,Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish kicking bukkake masturbation penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\japanese beastiality fucking lesbian titts (Jenna,Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\indian fetish horse hidden titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\brasilian cum horse voyeur .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\sperm [free] cock leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\gay voyeur lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\black cumshot fucking public cock bedroom (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian gang bang hardcore [bangbus] penetration .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish cum bukkake uncut .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\black cum lingerie girls glans leather .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\xxx big glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish action bukkake sleeping glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\chinese hardcore several models hole upskirt (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\beastiality hardcore sleeping hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\black action sperm voyeur titts sm (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\swedish handjob blowjob [milf] (Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\norwegian sperm hidden ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\black handjob lesbian girls mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\black nude sperm sleeping (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\handjob xxx big titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\american action horse hot (!) ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\russian cumshot sperm hot (!) hole wifey (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\danish cum hardcore full movie penetration .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\chinese hardcore hidden cock beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\chinese lingerie public boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\american nude beast big cock gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\assembly\temp\tyrkish handjob lesbian public .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\nude sperm uncut glans granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\spanish bukkake catfight hole gorgeoushorny .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian action xxx catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lesbian full movie hairy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\swedish kicking gay hot (!) .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\fetish xxx [milf] .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\horse xxx public titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lesbian uncut (Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese animal hardcore [bangbus] circumcision .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\danish horse blowjob voyeur cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\beast public 50+ .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fucking lesbian 40+ (Gina,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\indian porn fucking hidden titts balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\norwegian fucking several models cock sweet (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\security\templates\russian cum trambling catfight redhair .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\spanish sperm catfight bedroom .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\hardcore voyeur hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\malaysia fucking full movie blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\brasilian nude sperm licking pregnant (Sonja,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\malaysia sperm full movie (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\assembly\tmp\indian porn lesbian several models (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\xxx girls titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\indian horse hardcore masturbation shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cum beast voyeur hole bedroom .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\blowjob big glans granny (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\trambling [free] blondie .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\horse hidden .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\asian blowjob [bangbus] cock high heels .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\russian cumshot gay several models (Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\gay hidden hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\beastiality fucking masturbation .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\xxx voyeur mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\malaysia bukkake public castration (Britney,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\lingerie sleeping penetration .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\gang bang lingerie lesbian shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\brasilian animal lingerie public (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\malaysia beast [bangbus] titts swallow (Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\american nude sperm catfight glans boots .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\russian cumshot hardcore [bangbus] young .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse hidden .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian horse blowjob full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\british beast hot (!) feet bedroom (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\german sperm masturbation penetration .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\russian action gay full movie glans traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\xxx [free] bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\xxx big feet hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\cum sperm hidden granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\cumshot sperm full movie (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe
"C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe"
C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe
"C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe"
C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe
"C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe"
Network
Files
memory/2164-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\gay voyeur lady .avi.exe
| MD5 | c52377a8b5366f4caaca6de524fb8899 |
| SHA1 | a8d7b86cce2060174f800022013ac58cfb96f7dc |
| SHA256 | 60b656bfb97f5e64e4092868742bf36bf71713e543512a2aadda2fc8e54e6d02 |
| SHA512 | fd3ff9c3e70a95d7764d10a0dc197b07dd1d502161323d99e0135844a532cef2954729dc1b65bdcd8415e02f9ff4e86cb09d140757a247a7a782bf3e4034816a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:01
Reported
2024-04-03 19:03
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe
"C:\Users\Admin\AppData\Local\Temp\1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian handjob fucking sleeping (Tatjana).mpg.exe
| MD5 | f8cba72ec3c55090fafe9293f7705faf |
| SHA1 | 5bc6b5d2f13ef369ec7832e94fff6c380fed9f0e |
| SHA256 | d49c634347ec61f181b51977637da72a418c2cf2803be52acc2a2dade60240b2 |
| SHA512 | 4b75ea286751efd56f95a0c2df7dcf2715f5c65296cf23ff443bfd525211cffd5839c9c0a2d4c9364041a529e81e349d84a08383988d85fe06423513473d427c |