Analysis Overview
SHA256
76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733
Threat Level: Known bad
The file 76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 22:26
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 22:26
Reported
2024-04-06 22:29
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\SysWOW64\IME\SHARED\brasilian horse horse girls (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian porn fucking hot (!) titts castration (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\brasilian handjob sperm public redhair .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\black action lesbian voyeur ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish cum gay licking shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore hidden fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\indian nude lesbian [free] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\russian action gay masturbation fishy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\japanese animal sperm uncut YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish horse xxx [free] (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\blowjob sleeping balls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\indian handjob hardcore hidden titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Microsoft Office\root\Templates\danish action trambling [free] swallow .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\black fetish blowjob full movie hole redhair (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\horse sleeping (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\dotnet\shared\lingerie uncut titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black cumshot sperm masturbation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\american handjob blowjob full movie latex .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian porn fucking big glans traffic (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\bukkake full movie feet ash (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian nude lingerie hot (!) cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american gang bang xxx catfight .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\swedish beastiality beast sleeping feet latex .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\sperm full movie hole 40+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\fucking lesbian (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\trambling lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\gay licking titts 50+ (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african bukkake hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish porn horse sleeping .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\horse lesbian cock 50+ (Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\german lingerie catfight swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\japanese handjob blowjob voyeur feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\norwegian beast hot (!) swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\african gay big .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\african gay big titts lady .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\handjob horse girls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling hot (!) glans bedroom .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\lingerie girls gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\sperm masturbation cock balls .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\beast hot (!) .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\bukkake voyeur hole mistress (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\black beastiality beast masturbation granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\african gay girls (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\italian porn hardcore hidden redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\american horse blowjob girls YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian kicking bukkake uncut hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\CbsTemp\lesbian hidden .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\xxx masturbation titts bedroom .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\brasilian porn beast [milf] 50+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\security\templates\tyrkish cum gay hot (!) blondie .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\black action blowjob hot (!) (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\japanese fetish bukkake [free] (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\spanish lesbian hot (!) glans penetration (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\canadian trambling big hole circumcision (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\sperm licking glans shoes (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\japanese porn fucking [milf] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\swedish nude lesbian hidden young (Gina,Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\indian cum hardcore [bangbus] cock balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\african beast [milf] cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\french fucking sleeping .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\brasilian kicking bukkake [bangbus] titts lady (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\xxx [free] hole Ôï .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\swedish action sperm sleeping glans wifey .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\fetish trambling several models swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\bukkake uncut feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\norwegian fucking catfight .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\italian beastiality trambling uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\lesbian big boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\lesbian sleeping leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\italian fetish lingerie licking cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\canadian xxx big ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\indian handjob xxx full movie girly .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\indian animal xxx several models (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\nude horse big (Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian porn horse public feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\action sperm public titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\canadian lingerie full movie titts fishy (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\chinese hardcore catfight .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\french gay voyeur glans (Ashley,Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\malaysia lesbian [free] leather .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\cumshot trambling masturbation swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american kicking gay girls glans fishy (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\trambling big .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\handjob xxx lesbian .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\french lesbian hidden boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\italian nude sperm catfight (Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\russian cum hardcore [milf] .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\bukkake voyeur stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\beast hot (!) cock pregnant .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\animal hardcore hot (!) feet bondage (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\brasilian porn trambling masturbation titts wifey (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\norwegian beast voyeur high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\black cumshot horse hidden hole boots (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\american animal horse uncut hole 40+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"
C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"
C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"
C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 23.44.234.16:80 | | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.37.39.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.10.28.243.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.71.5.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.183.1.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.185.93.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.217.2.33.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.83.237.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.59.229.114.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.99.139.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.254.20.1.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.238.53.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.23.118.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.184.122.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.55.217.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.153.180.247.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.46.112.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.21.148.22.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.32.71.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.136.40.181.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.182.121.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.134.123.61.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.233.216.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.49.195.234.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.226.164.197.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.217.49.115.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.117.215.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.2.241.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.95.34.24.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.140.131.36.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.42.20.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.221.164.14.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.184.209.101.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.184.83.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.173.69.234.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.194.187.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.68.172.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.50.145.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.206.166.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.68.190.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.147.153.227.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.71.199.234.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.136.106.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.51.245.123.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.59.231.234.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.16.4.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.209.125.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.207.212.201.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.159.102.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.214.238.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.198.80.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.197.158.247.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.239.82.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.188.147.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.99.245.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.144.191.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.109.153.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.228.86.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.120.216.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.150.136.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.234.238.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.206.7.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.16.186.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.243.111.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.151.67.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.26.122.33.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.14.76.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.243.151.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.48.9.114.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.18.89.247.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.186.35.7.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.61.190.228.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.179.133.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.3.237.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.145.65.252.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.113.88.126.in-addr.arpa | udp |
Files
memory/872-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black cumshot sperm masturbation .mpeg.exe
| MD5 | 29566948ee742078cb92f1cf0fd9257e |
| SHA1 | b3aa3633744339a9a73d179c613802b17dd7f512 |
| SHA256 | d05696d962feeb0083b71b64d8e84bb50536ba57693d68d5de0cd5eccfb42dff |
| SHA512 | c953ad1ff51e6d6f83671f0063ee117e7d1853b616508e8c73549d218c3bc8fbf963730ffad0a1d8f1365f8468ff60240094f6c05a4977c49d3859f34f56ee5b |
memory/2872-57-0x0000000000400000-0x0000000000429000-memory.dmp
memory/4456-160-0x0000000000400000-0x0000000000429000-memory.dmp
memory/3520-162-0x0000000000400000-0x0000000000429000-memory.dmp
C:\debug.txt
| MD5 | ce7829619cff0a564e8381aff64b253f |
| SHA1 | 9c79fd3bd2e7181b81ba9f5194e537735410fc1b |
| SHA256 | a40388b90ea274b0f0a2a613733817ca54016aac344d68591eaf17fee78ae82b |
| SHA512 | 3902e2a300e94e62e9c408f57dfef0bdc2deee9e7c0dc1131d744eb7000cfbb2d3d32c178b8f1ab0936c469de1effc69050744b7df4804122c2f202221a64f49 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 22:26
Reported
2024-04-06 22:28
Platform
win7-20240215-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian cum public shower .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\sperm girls girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\asian nude cum several models titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\beast nude voyeur stockings (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\russian action hardcore masturbation pregnant (Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\french gang bang gang bang [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\fetish voyeur shower (Britney,Britney).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\trambling public nipples hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish fetish lesbian cock penetration .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\german action action sleeping black hairunshaved .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian cumshot uncut latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\british lesbian public mistress .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\indian gang bang porn catfight granny (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\black trambling public shoes .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay fetish voyeur cock beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian animal full movie leather .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\russian porn licking black hairunshaved (Britney).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish cum cum full movie young .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\lingerie trambling full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\canadian gay horse uncut granny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\animal action uncut bedroom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\french bukkake girls bedroom (Britney,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\bukkake hidden .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\beast fucking hot (!) cock penetration .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\nude fetish public .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\fucking lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian bukkake beast hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\american cumshot full movie upskirt .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\nude public .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\fucking several models .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\swedish horse catfight traffic .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\Temp\cumshot gang bang big hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\nude porn several models 50+ (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\norwegian trambling beast hidden glans (Gina).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\spanish gay fucking public ejaculation .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\french sperm [bangbus] hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\japanese nude voyeur latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black trambling masturbation glans .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\black action voyeur .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\lesbian [free] ìï .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\british beastiality xxx big .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\malaysia kicking public .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\animal girls upskirt .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\cum trambling [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\malaysia blowjob xxx uncut .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\british horse nude uncut boobs ìï .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\nude [bangbus] hotel .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\sperm [bangbus] black hairunshaved .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\temp\horse sperm [milf] leather .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\security\templates\russian gay [milf] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\norwegian beastiality blowjob public glans shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\russian handjob horse licking sm .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\bukkake sperm full movie boobs penetration (Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\norwegian kicking fetish hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\horse [free] redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\canadian action uncut traffic .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\spanish action uncut boobs pregnant (Janette,Jenna).rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\malaysia gay horse [milf] legs upskirt (Christine).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\cumshot girls bedroom .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\american sperm gang bang lesbian shower (Kathrin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\asian nude full movie black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\action horse hot (!) leather (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\french cumshot gang bang masturbation (Kathrin,Sandy).rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\fucking nude [bangbus] stockings .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\animal [bangbus] sm (Gina).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese beastiality cum [bangbus] bondage (Sandy).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\canadian kicking masturbation hole penetration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian trambling [milf] .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gang bang several models (Liz,Gina).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\german bukkake action voyeur femdom (Sylvia,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\indian porn licking ash upskirt .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\hardcore voyeur legs blondie .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian xxx beastiality full movie nipples .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish trambling porn voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\black sperm catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\horse beast girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\tyrkish xxx handjob public vagina .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\brasilian blowjob animal [bangbus] shower .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\cum lesbian leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia handjob horse [free] sweet .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\cumshot horse masturbation legs traffic .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse catfight hotel .mpg.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\danish animal [bangbus] cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\danish sperm blowjob hot (!) (Britney,Britney).avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\chinese blowjob cumshot voyeur feet .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\tyrkish porn [bangbus] (Kathrin).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\indian gang bang porn several models legs gorgeoushorny (Sandy,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\japanese gay bukkake voyeur gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\japanese blowjob [bangbus] traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
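Two patterns in the behavioral1 tables above are worth turning into a check rather than reading row by row: every dropped copy has a media or archive extension in front of the real `.exe` (`... .avi.exe`, `... .rar.exe`), and every drop directory contains a substring such as `temp`, `tmp`, `shar`, `download`, `incoming` or `p2p` (`temp` is also why `systemprofile` and `systempropertiesremote` were chosen). The Python below is an added example, not part of the report or the sample: it parses rows copied from the tables above, recovers the Run value, and flags lure-named executables dropped into share-like folders. The keyword list and the lure-extension list are inferred from the paths on this page and are assumptions about what the sample looks for, not something read out of the binary.

```python
"""Triage of the 'File created' and 'Set value' rows in this report (added example)."""
import re
from collections import Counter

# Every drop directory on this page contains one of these substrings.
# Inferred from the report, not from the sample; "temp" also matches
# "systemprofile" and "systempropertiesremote".
SHARE_LIKE_KEYWORDS = ("temp", "tmp", "shar", "download", "incoming", "p2p")

# Media/archive extension directly before the real ".exe", e.g. "movie .avi.exe".
LURE_EXT_RE = re.compile(r"\.(mpe?g|avi|rar|zip)\s*\.exe$", re.IGNORECASE)

# The report's four-column rows: | Description | Indicator | Process | Target |
ROW_RE = re.compile(
    r"^\|\s*(?P<desc>[^|]*?)\s*\|\s*(?P<indicator>[^|]*?)\s*\|"
    r"\s*(?P<process>[^|]*?)\s*\|\s*(?P<target>[^|]*?)\s*\|\s*$"
)
# '...\CurrentVersion\Run\<name> = "<command>"'; the report doubles the backslashes in the data.
RUN_VALUE_RE = re.compile(r'\\CurrentVersion\\Run\\(?P<name>[^\s=]+)\s*=\s*"(?P<cmd>.*)"$')

PARENT = r"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"
SAMPLE_ROWS = [  # copied from the behavioral1 signature tables of this report
    "| Description | Indicator | Process | Target |",
    "| N/A | N/A | N/A | N/A |",
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | ' + PARENT + " | N/A |",
    r"| File created | C:\Windows\winsxs\InstallTemp\black action voyeur .avi.exe | " + PARENT + " | N/A |",
    r"| File created | C:\Windows\System32\LogFiles\Fax\Incoming\fetish voyeur shower (Britney,Britney).zip.exe | " + PARENT + " | N/A |",
    r"| File created | C:\Program Files (x86)\Google\Update\Download\indian gang bang porn catfight granny (Sylvia).avi.exe | " + PARENT + " | N/A |",
    r"| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\malaysia kicking public .mpg.exe | " + PARENT + " | N/A |",
    r"| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\cum lesbian leather .avi.exe | " + PARENT + " | N/A |",
    r"| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish cum cum full movie young .mpg.exe | " + PARENT + " | N/A |",
]


def parse_row(line):
    """Return the four cells of a report row, or None for headers / empty N/A rows."""
    m = ROW_RE.match(line)
    if not m or m.group("desc") in ("Description", "N/A"):
        return None
    return m.groupdict()


def share_keyword(path):
    """First share/temp-like keyword found in the directory part of the path, or None."""
    directory = path.rsplit("\\", 1)[0].lower()
    for kw in SHARE_LIKE_KEYWORDS:
        if kw in directory:
            return kw
    return None


def is_lure_executable(path):
    """True when the file name hides .exe behind a media/archive extension."""
    return bool(LURE_EXT_RE.search(path.rsplit("\\", 1)[-1]))


def parse_run_value(indicator):
    """Extract value name and command from a Run-key 'Set value' indicator."""
    m = RUN_VALUE_RE.search(indicator)
    if not m:
        return None
    return {
        "name": m.group("name"),
        "command": m.group("cmd").replace("\\\\", "\\"),  # undo the report's doubled backslashes
        "wow6432": "\\Wow6432Node\\" in indicator,          # 32-bit process on 64-bit Windows
    }


def triage(lines):
    """Classify file drops and Run-key persistence from report rows."""
    drops, persistence, unmatched = [], [], []
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue
        if row["desc"] == "File created":
            path = row["indicator"]
            kw = share_keyword(path)
            drops.append({"path": path, "keyword": kw, "lure": is_lure_executable(path)})
            if kw is None:
                unmatched.append(path)  # a drop location the keyword heuristic does not explain
        elif row["desc"].startswith("Set value"):
            rv = parse_run_value(row["indicator"])
            if rv:
                persistence.append(rv)
    return {
        "drops": drops,
        "persistence": persistence,
        "unmatched": unmatched,
        "keyword_counts": Counter(d["keyword"] for d in drops),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print("persistence:", result["persistence"])
    print("drops by keyword:", dict(result["keyword_counts"]))
    print("unexplained drop paths:", result["unmatched"])
```

Two caveats when using this against the full tables: the Run value points at `C:\Windows\mssrv.exe`, which does not appear among the file creations listed on this page, so the copy that actually persists has to be looked for separately; and the two dropped copies whose hashes the report gives (SHA256 `d05696…` in behavioral2 and `f7bf17…` in behavioral1) differ from each other and from the parent `76f5c4…`, so blocking on the parent hash alone will not catch the seeded copies. The name and location pattern above is the more durable indicator.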
Processes
C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"
C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"
C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe
"C:\Users\Admin\AppData\Local\Temp\76f5c46c4e3a33fb81a3e21c7cf56800955fd5998f4f562a9e978aada6bda733.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.69.11.29.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.44.18.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.124.146.251.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.197.204.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.194.2.42.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.27.150.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.209.250.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.25.253.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.133.76.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.139.183.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.164.27.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.214.221.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.18.217.115.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.24.140.59.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.10.22.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.104.244.19.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.72.252.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.219.183.123.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.167.239.251.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.121.75.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.130.5.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.192.98.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.243.210.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.35.110.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.151.134.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.170.90.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.55.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.135.52.232.in-addr.arpa | udp |
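Both Network tables in this report (the behavioral2 table above and the behavioral1 table just ended) contain nothing but PTR queries to 8.8.8.8 for unrelated addresses scattered across the IPv4 space, with no forward lookups and no other traffic. The Python below is an added example, not part of the report: it reverses the `in-addr.arpa` labels back into the addresses being asked about and applies a simple spread heuristic. The rows in `REPORT_ROWS` are copied from the behavioral1 table; `CONSTRUCTED_FORWARD_ROW` is made up here to exercise the non-PTR branch, and the thresholds for calling the pattern scan-like are assumptions. The report does not say whether the process or the OS resolver issued the queries, so the result describes the capture, not the payload.

```python
"""Triage of the DNS rows in this report's Network tables (added example)."""
import ipaddress
import re
from collections import Counter

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE)
# The report's rows: | Country | Destination | Domain | Proto |
NET_ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|\s*$"
)

REPORT_ROWS = [  # copied from the behavioral1 Network table of this report
    "| Country | Destination | Domain | Proto |",
    "| US | 8.8.8.8:53 | 158.69.11.29.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 131.44.18.174.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 48.124.146.251.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 148.197.204.125.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 65.194.2.42.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 18.27.150.118.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 219.209.250.172.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 129.25.253.47.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 194.133.76.95.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 60.139.183.177.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 105.164.27.18.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 70.214.221.35.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 210.18.217.115.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 199.24.140.59.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 215.10.22.182.in-addr.arpa | udp |",
]
# Constructed for this example; the report shows no forward lookups at all.
CONSTRUCTED_FORWARD_ROW = "| US | 8.8.8.8:53 | www.example.com | udp |"


def ptr_to_ip(name):
    """Turn a reverse-lookup name back into the IPv4 address it asks about, or None."""
    m = PTR_RE.match(name.strip())
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(m.groups())))
    except ipaddress.AddressValueError:  # an octet above 255
        return None


def summarize_dns_rows(rows, min_queries=10, min_slash8_ratio=0.8):
    """Split rows into PTR targets and forward lookups and score the spread.

    The thresholds are assumptions: many PTR queries, none repeated, spread over
    nearly as many /8 blocks as there are queries, and no forward lookups.
    """
    ptr_targets, forward = [], []
    for line in rows:
        m = NET_ROW_RE.match(line)
        if not m or m.group("country") == "Country":
            continue
        ip = ptr_to_ip(m.group("domain"))
        if ip is None:
            forward.append(m.group("domain"))
        else:
            ptr_targets.append(ip)
    slash8 = Counter(int(ip) >> 24 for ip in ptr_targets)
    special = [ip for ip in ptr_targets
               if ip.is_reserved or ip.is_multicast or ip.is_loopback or ip.is_link_local]
    n = len(ptr_targets)
    scan_like = (n >= min_queries and len(set(ptr_targets)) == n
                 and len(slash8) >= min_slash8_ratio * n and not forward)
    return {
        "ptr_queries": n,
        "distinct_targets": len(set(ptr_targets)),
        "distinct_slash8": len(slash8),
        "special_targets": special,   # addresses no real peer would have, e.g. 240/4
        "forward_lookups": forward,
        "scan_like": scan_like,
    }


if __name__ == "__main__":
    s = summarize_dns_rows(REPORT_ROWS)
    print({k: (v if k != "special_targets" else [str(ip) for ip in v]) for k, v in s.items()})
```

On the fifteen rows above the heuristic fires: fifteen distinct targets in fifteen different /8 blocks, one of them (`251.146.124.48`) in reserved space, and no forward lookups. A reverse lookup of a reserved address is a useful tell on its own, since nothing legitimate connects there; in a proxy or DNS log the same test can be applied per source host to separate this kind of random-target probing from ordinary resolver activity.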
Files
memory/2108-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\animal action uncut bedroom .mpeg.exe
| MD5 | db44cfbdf7ba005614aa977f4ab1c6a3 |
| SHA1 | 060fc9b046f0960b1d9b0e5704d2771e44628c5e |
| SHA256 | f7bf17aa7db74e225fee2d62ca9cbc11ebaf23904927f0a7a927695b74c7cd34 |
| SHA512 | c7c1c1720306326e619524742c3630cc5635329dba33ffe0dbd17ff7a526ea1d6fe16d72ae2d55405ef46b224bc2a6535c5a558eb0b0eb3ed216dab519242fbd |
memory/2108-62-0x0000000005DD0000-0x0000000005DF9000-memory.dmp
memory/2460-63-0x0000000000400000-0x0000000000429000-memory.dmp