Analysis Overview
SHA256
1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47
Threat Level: Known bad
The file 1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:05
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:05
Reported
2024-04-03 19:08
Platform
win7-20240221-en
Max time kernel
150s
Max time network
149s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\asian xxx several models boobs 40+ .mpeg.exe
| MD5 | 7806f4ab7dc717fde2eedea1cb8ecbba |
| SHA1 | 165209eb4028c93accbe627e5c84503401edcf2f |
| SHA256 | d451641a4fef71ddccfe10c791201dfa890a558086b1b41ffef8d1b8a6a36cab |
| SHA512 | a65ab3599f83c3daf8d75aa76ab028ec201c238f772b7dc9f686bb80847c2b2801c24bda8450bfe4b8e6bdddce82de190075bf7e483dc701303b790cda09cd4f |
C:\debug.txt
| MD5 | 7ce5931cf33c91ee8e59d9c7cda39d08 |
| SHA1 | 77d5770793ad426ecbccc3859bba8b34e9ed819e |
| SHA256 | 0f150abaaafd0c67c692ea1bfafb756a436f10c0809a18c86f87ef75bbafa77d |
| SHA512 | 1d078cb9c87bc36b6f8ffe56e4c0cf1de0e8a9e6d340a0030e162c86a163c116f5503f696c1640f71e23c0ab802adadf0c6a931ca6b4528e4a29b9dcd4e7931d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:05
Reported
2024-04-03 19:08
Platform
win10v2004-20240226-en
Max time kernel
157s
Max time network
162s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\british trambling kicking big .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black trambling lesbian sleeping .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\blowjob horse sleeping beautyfull .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian animal sleeping pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian beast action hidden .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\gang bang fetish uncut hole sm (Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\indian beast hot (!) titts (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\french beastiality [bangbus] fishy (Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french trambling uncut (Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\german cum big shower (Anniston).zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\xxx big .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\handjob uncut vagina .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\italian beastiality trambling full movie pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\dotnet\shared\gay sperm [milf] hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie sperm [free] legs pregnant (Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\indian beastiality big circumcision .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie hidden .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\xxx porn hidden vagina balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\nude horse voyeur castration (Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\spanish action cumshot masturbation ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\norwegian kicking hot (!) cock traffic (Sonja).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\german kicking catfight .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lesbian girls black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\danish nude fucking uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie sperm sleeping hairy .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\swedish lingerie lesbian ash (Sandy,Sandy).avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\indian horse catfight glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\black hardcore animal uncut fishy (Anniston,Britney).zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\beast cum several models hole mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish beast fetish [free] .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\swedish fucking catfight YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\norwegian gay [free] ejaculation (Kathrin).zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\italian handjob [bangbus] vagina circumcision .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\lingerie action catfight vagina (Jenna).rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish lesbian full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\canadian blowjob hot (!) stockings .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\italian action uncut YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\gay [free] ejaculation .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\french sperm public ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\animal uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\bukkake girls penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\assembly\tmp\indian gay hidden upskirt .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\japanese beastiality nude licking vagina granny (Ashley,Christine).rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking [milf] glans wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\gay [free] .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\norwegian horse voyeur pregnant .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\spanish nude hot (!) feet ash (Melissa,Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\horse [free] cock granny (Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\french lesbian full movie legs .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\bukkake action public (Sylvia,Anniston).avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\norwegian lingerie cum hot (!) .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\french beast trambling voyeur castration .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\hardcore cumshot girls vagina mature (Ashley).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\black nude sleeping penetration (Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\malaysia lingerie [free] legs stockings .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\brasilian horse xxx big hairy .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\blowjob gay hidden .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\beastiality nude girls upskirt .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\fucking full movie pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\horse licking stockings .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\beastiality hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\malaysia porn horse licking young .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\porn [milf] 40+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\fetish catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\black kicking girls glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\lingerie sperm several models .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\fucking public .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\chinese sperm xxx [bangbus] .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\trambling action hidden .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\spanish hardcore beast voyeur (Tatjana,Anniston).rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\nude girls titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\spanish gay [milf] glans beautyfull .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\animal cum hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\chinese handjob lesbian uncut pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\sperm action [milf] (Ashley,Sandy).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\japanese handjob lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\french porn sleeping .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake big .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lesbian blowjob voyeur mistress (Christine,Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\nude nude public circumcision .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\spanish trambling [milf] nipples shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\beast girls .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black horse lesbian licking glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\african lingerie xxx big (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\asian porn hardcore big sm .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\animal [free] nipples .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\british gang bang big (Sonja,Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\trambling fucking voyeur boobs young .avi.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\kicking blowjob public legs .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\norwegian handjob catfight castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\cum sleeping (Sandy).zip.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\spanish lingerie masturbation hotel .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\american beast several models legs shower .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie sperm [free] legs pregnant (Kathrin).rar.exe
| MD5 | e9d90e7a9fac03ab037af4944db0e04d |
| SHA1 | 8585931a00de9cc1f3deee71cfd30271c3204970 |
| SHA256 | 6f6798281ec6d54a85bb2a8a52b0fce4dce0f230723e1917f564ec131ccff0dc |
| SHA512 | d452a71b6c139040e804253397a17c368098878f401fdfca483f2f72aab836aaef988e7a9534dd0e28dd7b10fe7f3f33bb35ea33edfbb9fa63d214f07678bd7c |