Analysis Overview
SHA256
69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456
Threat Level: Known bad
The file 69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456 was found to be: Known bad.
Malicious Activity Summary
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:55
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:55
Reported
2024-04-06 21:58
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"
C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"
C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"
C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4480 --field-trial-handle=2292,i,2927097380497635931,2014459809064723663,262144 --variations-seed-version /prefetch:8
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx animal uncut bedroom .mpg.exe
| MD5 | 90154a61293c1a3eb14e25937c895f22 |
| SHA1 | 35c125877617a14b628a24697e96a68bf4716249 |
| SHA256 | 5ec28da1367154e6a4dd63ddb3bb0a1a5a80d682984a6ebbb4d3bed8e3e7f65d |
| SHA512 | 83c54b1619299fa134e9927c12d41b5654b96af88885b8109765b2531791de6491bc408a3cfd050db2223d692791d10ccf8315175b85c85830b873d3b3319642 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:55
Reported
2024-04-06 21:58
Platform
win7-20240221-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"
C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"
C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe
"C:\Users\Admin\AppData\Local\Temp\69b5b243de762aa8f31b3a5de880576143985eb0c69e10b63e0c2d8cbf139456.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\fucking uncut hole .avi.exe
| MD5 | 7d5e4fc57582d3a61f14c4d6445c27b6 |
| SHA1 | bd2d06972dc95aa0d39e0dea8b5d27f4bbbb27a0 |
| SHA256 | 576e74fb4b303ec80ac1f9008edd08ad340b7374cee1746377a97dddc754ec93 |
| SHA512 | c12246f18698c1f67d39a5720108ed0fa0bb66c8d2265866b983eb090d40a388ff325ca225ddcb60de1efbd3ced279282764b782a57bacfda24465983ecc63c5 |
C:\debug.txt
| MD5 | d2733faed99a00ac4ab804f97eaa728c |
| SHA1 | 494d6ff3faddc515c72660a641a2b8d2e33f87c4 |
| SHA256 | f22456c001d754b925cec4f7d329d108dc3bcbd2535900f7ab130d727e9d19ce |
| SHA512 | efa53d1e33090e6bb7fe4b1732be4d1b240f7d1193a045ab3c84030ccd7d129af317b6388b9bd2201b2f9dde91afdcc65502e22793d8bd04ea2c51696c524daf |