Analysis Overview
SHA256
69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325
Threat Level: Known bad
The file 69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:55
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:55
Reported
2024-04-06 21:58
Platform
win7-20240215-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\action girls stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\french animal [milf] latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\nude fetish voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\african handjob trambling sleeping feet pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\british gang bang big mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\beast lingerie masturbation mature (Kathrin).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\xxx action full movie lady .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\spanish animal fetish licking mature .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish kicking beastiality several models hole shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\german lingerie lesbian hole boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\french kicking fetish big shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\action several models femdom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\italian action beast sleeping .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\cumshot public shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\danish cum gang bang uncut sm .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\cum horse [bangbus] bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\german horse hot (!) boobs high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\french fucking full movie balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\cumshot big swallow (Britney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian cumshot bukkake [bangbus] shower .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian nude hidden femdom (Ashley,Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\chinese lingerie licking young (Curtney,Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\american horse [bangbus] YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\swedish kicking hot (!) pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx nude hidden traffic (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\horse kicking uncut .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\japanese porn public balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian fucking hot (!) titts hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\french bukkake several models hairy (Anniston).rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\action public high heels (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\spanish gang bang full movie leather .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\norwegian nude lesbian blondie .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\Temp\gang bang sleeping shoes .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\gay handjob full movie vagina .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\canadian gang bang action several models ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\action lesbian ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\african trambling public boots .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black cum fetish girls vagina mature (Karin,Jenna).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\chinese cumshot hot (!) stockings .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\malaysia sperm catfight shower .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\handjob cumshot several models glans 40+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\beast gay girls legs lady (Kathrin).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\brasilian gay hardcore several models hole girly (Liz,Sonja).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish handjob bukkake [free] pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fucking girls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\indian handjob voyeur (Liz,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\trambling hot (!) .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\asian trambling uncut (Kathrin,Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\spanish beastiality lingerie [milf] wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\brasilian horse voyeur .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\norwegian gay uncut nipples shower .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\french animal cum hot (!) hole redhair .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\spanish cum girls mature (Britney).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\canadian handjob cumshot lesbian legs (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\spanish cum catfight ash (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\french lingerie bukkake girls sweet (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\american fetish catfight penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\asian nude kicking licking traffic .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\kicking gay catfight cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\PLA\Templates\asian hardcore xxx catfight hole beautyfull (Tatjana,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tyrkish lesbian big (Sonja,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tyrkish cum gang bang girls hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\brasilian trambling cumshot girls boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\norwegian cum blowjob uncut granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\hardcore trambling public hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\german beast beastiality public legs bedroom .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish porn cumshot sleeping cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\german lesbian fucking licking .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\chinese xxx [bangbus] leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\french handjob nude sleeping ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\german lingerie several models titts sweet (Anniston,Jenna).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\porn horse [milf] nipples ejaculation (Anniston).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\french lingerie public (Anniston).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\animal kicking big (Tatjana,Anniston).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\african horse horse masturbation .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\chinese fucking animal full movie ìï .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\indian horse handjob sleeping ash shower .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\black action hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\animal hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\brasilian beastiality nude full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\horse animal licking girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\norwegian porn beast catfight .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\american bukkake catfight hole shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\tmp\fetish [bangbus] .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\french horse catfight (Sonja,Sandy).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\black blowjob fetish [free] feet balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\black hardcore licking nipples sweet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\japanese fucking licking ash .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\malaysia cumshot big hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe
"C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe"
C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe
"C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe"
C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe
"C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 30.229.166.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.46.250.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.218.115.232.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.180.100.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.195.116.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.136.248.180.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.238.203.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.148.137.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.17.160.251.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.199.60.214.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.247.124.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.106.179.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.46.42.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.204.168.120.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.194.177.32.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.250.188.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.9.206.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.26.23.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.90.152.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.28.7.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.248.214.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.136.237.28.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.96.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.144.68.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.197.197.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.202.50.71.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.71.77.61.in-addr.arpa | udp |
Files
memory/2824-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx nude hidden traffic (Liz).zip.exe
| MD5 | a91b962a08ba061f0e58821780a6e872 |
| SHA1 | 4f09afeaf42f53005cd8bad08217d5dea5eba83a |
| SHA256 | 5af5d0e87d8a5c0fe64b1684440a1b8b93421b532ab05bb15b0aa77954b64d14 |
| SHA512 | 7659e51f031ebc3fd1228686fa9481c6969ee9fee8dd717e5debb1e9e46bcdb0f261a8c8cdafb31892c02d3efdf23a4a07304f95a19c78255de460f582acc9b2 |
memory/2824-54-0x0000000004A80000-0x0000000004A9E000-memory.dmp
memory/2720-55-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2720-90-0x0000000004CD0000-0x0000000004CEE000-memory.dmp
memory/2796-91-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-93-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2720-96-0x0000000000400000-0x000000000041E000-memory.dmp
C:\debug.txt
| MD5 | cb89894aef935149396880e4bb0c257f |
| SHA1 | 29beda90452a867122654b09d0e00f35504575f5 |
| SHA256 | eeda800099b87f04a262602d615fa49516515b1697405982c8cc3f6130df7d85 |
| SHA512 | a750e423892536b9ad5f698f05caffd01c28f285fbb71fa86af290f529838e4a90ff964e6a6a858ef879c75e42cfe753c1471d91c59f011d1228ac59e2e64e3c |
memory/2796-105-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-106-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-107-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-109-0x0000000004A80000-0x0000000004A9E000-memory.dmp
memory/2720-110-0x0000000004CD0000-0x0000000004CEE000-memory.dmp
memory/2824-112-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-115-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-118-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-123-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-126-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-129-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-132-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-135-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-138-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-141-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-144-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2824-147-0x0000000000400000-0x000000000041E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:55
Reported
2024-04-06 21:59
Platform
win10v2004-20240226-en
Max time kernel
164s
Max time network
158s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie [bangbus] .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\trambling girls .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\xxx full movie traffic .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\american porn xxx licking hotel (Anniston,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american beastiality sperm catfight glans castration (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\russian porn xxx hidden YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish kicking gay [milf] .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\tyrkish handjob sperm [free] 40+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\horse lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish beastiality fucking masturbation femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\indian horse trambling hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\american horse trambling girls (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\microsoft shared\lingerie public .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\bukkake [milf] swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese nude blowjob licking .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian handjob bukkake hot (!) cock wifey (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\trambling hot (!) titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\swedish kicking lingerie uncut .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\russian fetish blowjob full movie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lesbian public titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\fucking licking (Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese horse blowjob [free] feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\dotnet\shared\brasilian beastiality beast sleeping titts femdom (Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\cum trambling licking cock gorgeoushorny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\american fetish bukkake hidden penetration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\american horse hardcore several models glans bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\hardcore lesbian balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian beastiality sperm licking cock wifey .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\gay licking feet granny (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian porn xxx [free] femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\indian action horse several models gorgeoushorny .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\japanese porn sperm public glans traffic (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian handjob xxx hot (!) (Curtney).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse girls mature .zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\indian cumshot horse masturbation latex .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm hidden feet ¤ç (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian animal hardcore uncut feet ΋ (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\british sperm sleeping titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\spanish hardcore big cock (Ashley,Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\tyrkish action fucking lesbian shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\german horse [milf] glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\asian blowjob girls feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\security\templates\danish porn hardcore [bangbus] ejaculation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\indian cumshot beast full movie sm .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\lingerie masturbation hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\american kicking beast public feet redhair (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\black horse hardcore sleeping cock (Ashley,Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\brasilian animal xxx several models bedroom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\german lingerie full movie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\PLA\Templates\gay uncut feet beautyfull .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\norwegian lingerie [milf] (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\danish action gay public traffic .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\japanese porn horse voyeur titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\brasilian cum gay hidden blondie .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\chinese blowjob hot (!) redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\lesbian sleeping feet traffic (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\canadian beast [free] fishy .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\asian gay full movie feet sm (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\horse masturbation blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\malaysia trambling [bangbus] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\nude lingerie big glans femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\beastiality beast [free] circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\trambling [milf] titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\kicking lingerie girls gorgeoushorny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\indian handjob beast [bangbus] glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\american animal xxx girls latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\french fucking lesbian .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gay big circumcision .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\italian cumshot blowjob [free] (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\tmp\trambling several models cock (Sonja,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\CbsTemp\tyrkish kicking sperm several models .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black beastiality horse public feet young (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\swedish nude trambling catfight (Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\chinese bukkake catfight hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\cum xxx [milf] (Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\animal gay sleeping glans Ôï .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish action horse [milf] titts fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\lingerie girls glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\xxx big glans redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\german blowjob full movie (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\british horse [milf] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gang bang xxx catfight hole gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\brasilian gang bang lingerie full movie titts pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\fucking full movie leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\italian beastiality blowjob hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\lesbian girls hotel (Sonja,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\blowjob catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\horse fucking voyeur shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\assembly\temp\japanese cumshot xxx public boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\russian cumshot horse catfight (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\beastiality sperm several models (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\italian cumshot bukkake [free] bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\canadian lingerie public mistress .avi.exe | C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe
"C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe"
C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe
"C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe"
C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe
"C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe"
C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe
"C:\Users\Admin\AppData\Local\Temp\69a01a503edbf8c251c09e0ee928547aff40eb6751ef0fea3c69b88d2bbda325.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
memory/3204-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese nude blowjob licking .avi.exe
| MD5 | a0b1a631f61fa240432fc51d95b23bda |
| SHA1 | 55b79d42584b3e1ff7ddbd33787a6e33196b5a03 |
| SHA256 | b78c59846c041aa8776a000d83eb79841e1bab4d918a12206e82dab6ebd45ad6 |
| SHA512 | f0d96cf265a6c4b8fcb6db14faab29388c47b8fe968b27d1e605481f9bbd65b4d83e0b9b4d8c14dd5b8d52530de54b1ef85643342b7e272972d0c71dbe9ddc07 |
memory/2488-11-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3016-17-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-18-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2488-34-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3016-70-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2940-71-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-75-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-76-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-159-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-164-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-168-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-188-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-209-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-213-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3204-217-0x0000000000400000-0x000000000041E000-memory.dmp