Analysis Overview
SHA256
1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827
Threat Level: Known bad
The file 1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:03
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:03
Reported
2024-04-03 19:05
Platform
win7-20240221-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe
"C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe"
Network
Files
memory/2172-0-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\handjob sperm licking boobs sm .rar.exe
| MD5 | 963863834d0fb83e671181dfb80d250d |
| SHA1 | 5d4221460ca46d59dbe40e50b8c50ec47ba6aa30 |
| SHA256 | 995ab23422422aed7fa1ca07ac61938a3fd5a771e43316a986d894bfbeebbb24 |
| SHA512 | 8129303d68407fcc33592ffa27ecd4c801fec6d1f8fda5e41b8163d20a5fcb1deedad1722863b096d0b2714d6b044804ce863f353773071c0669286241368a32 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:03
Reported
2024-04-03 19:05
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe
"C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe"
C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe
"C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe"
C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe
"C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe"
C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe
"C:\Users\Admin\AppData\Local\Temp\1953df40a750dbc5e981264ef67f593084c01a699f5feefeb00c379b59908827.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3848 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish trambling voyeur ash .avi.exe
| MD5 | 16ff47dde7e82d6ff862c0f42b704cfd |
| SHA1 | bd56b02c6b8d7b0e3e64aec44829b8aa38d0a517 |
| SHA256 | 7f70e7162b7cb1427c8c14d0f19b6b829e5d4dcb810eea36e4dccac06c995528 |
| SHA512 | 5c51e3e4ccc461f741a812cd35a3540cc926dfec5c495a450bb7cdfe0fb931f6629abcfd245b9f8114329635e18701d2d09bfea0ade9fc373443f2e0fa18cf75 |