Analysis Overview
SHA256
6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80
Threat Level: Known bad
The file 6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:51
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:51
Reported
2024-04-06 21:53
Platform
win7-20240215-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe
"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:51
Reported
2024-04-06 21:53
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe
"C:\Users\Admin\AppData\Local\Temp\6755f53c60c76e245f28993d0b653ba6dce4d8ef7c0eb8c3018a5ab2d20afe80.exe"
Network
Files
memory/3892-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx several models (Christine,Sonja).avi.exe
| MD5 | c78ea24a00186e052402b4339e2eae4d |
| SHA1 | 7505f99c0f96ebb73267220256db97317b9e2251 |
| SHA256 | 17918c22810ec7a3033027f8874db356d22e6f60f2581f94451596e91d9700c8 |
| SHA512 | d91d62559f406d338c9f7d84f544afe317ac1db6dff8e68ac86059cf8b10bce936f2586ab159aab715e56d4dfd0a7ad397600b424d29627089c6cf8f490383da |