Analysis Overview
SHA256: 1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b
Threat Level: Known bad
The file 1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-03 19:06
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 19:05
Reported: 2024-04-03 19:08
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 147s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe
"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"
C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe
"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"
C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe
"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"
Network
Files
memory/2044-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian animal bukkake catfight sm .mpg.exe
| MD5 | 9bce52e7018b771c2ec31500dd2ca931 |
| SHA1 | 1027a7a3252910f3d74c300b987abe1880ab2c0f |
| SHA256 | 917dc1f8316e14f3cda2463ffc4e511f9e184b39350c277a7906a5eab9eacc56 |
| SHA512 | 477d5bce98d16f183e71a2587693d4f6699e2446c581bba19145a0495f56278af644a7df76591addc307d21554db2416ec0bd5cb0f3b09eae5e6ab1a2d42f8cf |
memory/2044-57-0x0000000005BF0000-0x0000000005C19000-memory.dmp
memory/2400-58-0x0000000000400000-0x0000000000429000-memory.dmp
memory/2400-89-0x0000000004E10000-0x0000000004E39000-memory.dmp
memory/2612-90-0x0000000000400000-0x0000000000429000-memory.dmp
C:\debug.txt
| MD5 | c97782175e47a95d06fb869b454509fc |
| SHA1 | bba54e6cec2d0dc0c7a04681d44909c7a36002f7 |
| SHA256 | 259d4f047b29e70822150651a2a52de83ef6b0dbd1661cb7177769844f0e8bcd |
| SHA512 | a79b3dcdd5a0c2c39067bcac09021e0295a3fa03616c9f11b2f192fc4f5f197d3e44f8b1c5e8a7f7c57c9523ffff00a1aa28dd022d7177e51923614036501322 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 19:05
Reported: 2024-04-03 19:08
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 149s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe
"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"
Network
Files
memory/960-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gang bang lesbian titts (Tatjana).mpeg.exe
| MD5 | a4bd81082bd8258ee71460744a921c9d |
| SHA1 | ca89e00f4f774cbbb48e5dce286ff6a9a2488a3c |
| SHA256 | d4c2d730d4536e85a2ec1a0ab7ff0c7b2f0c2a15042664c7de8c2b097086dffb |
| SHA512 | 9409257bbe2f1e0a66892a041796354cd5f45b770aa4a62b7e1b70afa2f81c1e617676d4e8d6d2d1a97bcb59fc3d46b63774a64571310b07119d6ca0196f2fe5 |
memory/4836-30-0x0000000000400000-0x0000000000429000-memory.dmp
memory/4080-161-0x0000000000400000-0x0000000000429000-memory.dmp
memory/856-162-0x0000000000400000-0x0000000000429000-memory.dmp