Analysis Overview
SHA256
1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc
Threat Level: Known bad
The file 1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:14
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:14
Reported
2024-04-03 19:16
Platform
win7-20240221-en
Max time kernel
153s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:14
Reported
2024-04-03 19:16
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"
C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"
C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"
C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe
"C:\Users\Admin\AppData\Local\Temp\1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc.exe"
Network
Files
memory/2484-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\asian hardcore hot (!) girly .zip.exe
| MD5 | dda7e1512cbb4df04374387beda072e8 |
| SHA1 | 3537e3083ce5f1f49afa5a7e4babb7ba9f91b8fb |
| SHA256 | cd1054eabdaf124b7eee5cfe674c0822d46ec5e40c24013bc4f0706010f26302 |
| SHA512 | 8726227c3a624817b596cd278c4fd9cc6c5001acdb6c070d7c83e011aa4bd7642bca37bd6620eb2862a00032c30367c6fd49e5f1e0cb33ee629cbde008502d96 |