Analysis Overview
SHA256: 1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09
Threat Level: Known bad
The file 1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-03 19:06
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 19:06
Reported: 2024-04-03 19:08
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe
"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"
C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe
"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"
C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe
"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\french kicking hidden mature .avi.exe
| MD5 | d6edfcf7e4bfa498161bd32b16027e65 |
| SHA1 | c48e98774389ae1453e5bece4b39dc24aabdeec5 |
| SHA256 | 5ae0089b15b8a4cde6fe0493323dff4f2afff798ad575d8231768c3910a5368f |
| SHA512 | 51b29ccd2fc705b6625a515656d3d18c56f1259474a0e4c92b89eb757a11696b6220a0f90a14e01c5c355098020642409a6f635170f7b32631288b12e759e061 |
C:\debug.txt
| MD5 | 3b08522a3c3206c4a4311b1e1776dc8b |
| SHA1 | 6115352ae8d47c0e665f16ff9d1423e7a71d9a91 |
| SHA256 | 22accc3aa9270023e691cd400c10e6269546600f9cb3b1332ed2f8e252581570 |
| SHA512 | 4ec4c168d352532ba4708f20a03539dc655d76a418d51e4416af8d988b2d01641fd78823f67d919c2fb89228d0e25b6e802975288e08967388354cdc926c655f |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 19:06
Reported: 2024-04-03 19:08
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe
"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"
Network
Files
memory/1272-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black cum beast masturbation feet (Jenna,Sarah).mpg.exe
| MD5 | 12f34df4f2cd5c45b99c5bf9d85df451 |
| SHA1 | b4f743b74a2c24bb0f53d22d07fc8804122b6b52 |
| SHA256 | 40e428408947d8386bc729b82010e40c3685c69dc864e840df1e54a1bea54874 |
| SHA512 | 6868989e860dd4af39f113073f2102e7e903772290843d109f5fc36f0d3f12f12d605823a7d039598edb766431ea38ff3bfea4cca28c8c2a26b98a4f61706968 |