Analysis Overview
SHA256
883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1
Threat Level: Known bad
The file 883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:03
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:03
Reported
2024-04-07 23:05
Platform
win7-20240221-en
Max time kernel
154s
Max time network
155s
Command Line
Signatures
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe
"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"
C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe
"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"
C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe
"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"
Network
Files
memory/2976-0-0x0000000000400000-0x0000000000429000-memory.dmp
memory/2976-3-0x0000000004750000-0x0000000004779000-memory.dmp
memory/2640-4-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish porn trambling licking (Melissa).mpg.exe
| MD5 | c93cf4afaa3329e7cda4765538d2c5fa |
| SHA1 | 53e7f106131b348e54e9544438e71be824ef1b51 |
| SHA256 | c78b5d8ea1561bf1b5c313e34284e7b4dcfcb61e6251d719b1c93f60ad74f3ef |
| SHA512 | 4ba5f468be6212f059a6866ceb49a379b4e9d36cbd6c261ad89511b390de41a40aadd346483ef4ecc33b844178edea7703e1a746e4e262dfc4a620bb203e1ed9 |
memory/2640-30-0x0000000004920000-0x0000000004949000-memory.dmp
memory/2612-35-0x0000000000400000-0x0000000000429000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:03
Reported
2024-04-07 23:05
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe
"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"
C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe
"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"
C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe
"C:\Users\Admin\AppData\Local\Temp\883e8f6240cdf56c46098676bcd9a5f7b319b54477c740f02059f1f89a2ec1b1.exe"
Network
Files
memory/1336-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian handjob horse full movie latex .mpeg.exe
| MD5 | d1e12c6134952efb5cb0382cc0cde7a6 |
| SHA1 | 009ce6d4b49f6efc3137179bff10c7db9970db49 |
| SHA256 | 6befc9b157f101a07f6d655418b373d38b2970337c880ff2d0229334eccbb28f |
| SHA512 | 13f5c4e086361784b41e2e301aba85007da824a19aeec7764751aa20c95e4b65b4ab526bb1f87ea1add966719af9a992941217653b77d3e96022679c67c95c1e |
memory/460-53-0x0000000000400000-0x0000000000429000-memory.dmp
memory/2252-165-0x0000000000400000-0x0000000000429000-memory.dmp