Analysis Overview
SHA256
9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c
Threat Level: Known bad
The file 9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:24
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:24
Reported
2024-04-07 23:27
Platform
win7-20240221-en
Max time kernel
162s
Max time network
173s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe
"C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe"
C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe
"C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe"
C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe
"C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\trambling sleeping girly .mpg.exe
| MD5 | ccfe1717230efe8e01f11ee39b17fb66 |
| SHA1 | 795d285dccd08a8cd4c2e727eb78c2f92fbb3f98 |
| SHA256 | c0970ddc2f004924e2d8a2d16cfc076360630c9ec6583abb0911f2b5d76ae5ec |
| SHA512 | b9b93753ce2b23885b46453a19f422280db930540a996a4c6cea6fd98f0fe1611b344cbd322db0af73b3005725440d72c0e0b6d47f7dd1f762392939e0796b55 |
C:\debug.txt
| MD5 | 0d5358c24127a105580397dbc3b3b96e |
| SHA1 | c26ca5615bb4c0e2ff5e31bee83a9641e0c505b5 |
| SHA256 | 3dc6bc7eea117f50b889bb71832f2fdb58be6ce2d522e860ba10be209c3b14d9 |
| SHA512 | 74318be32e4298edacb6e82b53c967ea66a03c7213a08a7189147dac7ae99ddb98876d0f3f4746065520b9fb8624d8601d83af9ec229bc99a9568e918e09982c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:24
Reported
2024-04-07 23:27
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish lingerie hidden feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\dotnet\shared\hardcore masturbation (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish handjob xxx uncut .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\russian animal bukkake voyeur sweet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\gay sleeping femdom .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\german sperm masturbation .rar.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian cum blowjob full movie (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish handjob bukkake licking hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\danish nude gay hot (!) (Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\indian nude beast girls hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian kicking fucking big .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\brasilian action sperm hot (!) (Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\swedish nude xxx girls (Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\trambling full movie titts girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\swedish handjob gay hidden (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\gay girls glans circumcision (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian nude beast catfight .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lingerie big cock YEâPSè& .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\trambling girls cock swallow .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\cumshot gay voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\african lingerie public circumcision .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\cum bukkake hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\xxx uncut circumcision .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black cum lesbian [milf] (Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\horse [free] black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\horse horse licking .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\french trambling [milf] (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\horse trambling masturbation titts high heels (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\french sperm several models feet hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\cumshot sperm girls hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\british lesbian [bangbus] titts lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\italian action sperm [free] (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\asian bukkake licking (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\malaysia lesbian catfight circumcision .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\malaysia gay catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\porn horse masturbation cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\british hardcore uncut feet 40+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\danish cumshot bukkake catfight ejaculation .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\french blowjob girls circumcision .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\trambling [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\beast sleeping (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\asian lingerie lesbian feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\beast full movie ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\danish animal beast licking hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\animal sperm lesbian fishy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\beast public circumcision (Sonja,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\chinese horse full movie gorgeoushorny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\bukkake masturbation titts swallow (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\horse public .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\PLA\Templates\blowjob full movie hole pregnant .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese lingerie big black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\malaysia hardcore public glans gorgeoushorny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\italian cumshot gay public titts mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\security\templates\indian action trambling hidden feet latex (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\porn blowjob uncut cock YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\action hardcore [free] (Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\french beast [milf] hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\handjob xxx [bangbus] shower (Sonja,Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\beast several models penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\beastiality sperm uncut feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\animal horse girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\french sperm lesbian .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\horse beast sleeping titts bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\lesbian full movie feet hairy (Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\handjob beast licking (Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\italian gang bang xxx [free] glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\SharedFileCache\xxx full movie cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\russian cum lesbian sleeping young .rar.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\chinese sperm [milf] feet (Sonja,Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\InputMethod\SHARED\swedish kicking beast big YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\indian kicking fucking public hole black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\malaysia lingerie several models bondage .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\british bukkake masturbation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\american beastiality lesbian big titts stockings .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\fucking hidden high heels .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\handjob lesbian [milf] (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\american cumshot lesbian hot (!) feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\asian xxx full movie (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\swedish animal bukkake several models titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\xxx licking glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\chinese trambling lesbian cock shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\chinese blowjob big titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\action lingerie full movie YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe | N/A |
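The three drop tables above show a single process running from %TEMP% writing dozens of executables into C:\Windows, WinSxS and Program Files subfolders, every one named "<lure words> .mpg.exe", ".zip.exe", ".avi.exe" and so on. That is a double-extension masquerade: with Explorer's default "hide extensions for known file types" setting the final .exe disappears and the file looks like a video or archive, which is how such files get opened when they later turn up in a shared folder. The Python below is an added example, not code from the report or from the sample; it parses rows in the table's own format and flags that pattern. The sample rows are constructed: the directories and the dropper path mirror the report, the lure words are placeholders.

```python
"""Hunt for double-extension lure executables written into system directories.

Added example, not code from the sandbox report or from the sample it
describes. It parses rows in the report's table format
("| File created | <path> | <process> | <target> |") and flags dropped files
whose names end in a media or archive extension followed by .exe. The sample
rows below are constructed: the directories and the dropper path mirror the
report, the lure words do not.
"""
import re
from typing import Dict, List, Optional

# Bait extensions the sample put in front of the real .exe
LURE_EXTENSIONS = ("mpeg", "mpg", "avi", "zip", "rar")
LURE_RE = re.compile(r"\.(" + "|".join(LURE_EXTENSIONS) + r")\.exe$", re.IGNORECASE)

# Directories where a process launched from the user's %TEMP% has no business creating executables
PROTECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Dropper path exactly as recorded in the report
DROPPER = (
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\"
    "9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe"
)

# Constructed rows in the report's table format; lure words are placeholders
SAMPLE_ROWS = [
    f"| File created | C:\\Windows\\PLA\\Templates\\lure one .zip.exe | {DROPPER} | N/A |",
    f"| File created | C:\\Program Files (x86)\\Google\\Temp\\lure two (Name).mpeg.exe | {DROPPER} | N/A |",
    f"| File created | C:\\Windows\\WinSxS\\amd64_example_component\\lure three .avi.exe | {DROPPER} | N/A |",
    # real archive, not an executable: must not be flagged
    f"| File created | C:\\Users\\Admin\\Downloads\\report.zip | {DROPPER} | N/A |",
    # plain executable outside the protected directories: must not be flagged
    f"| File created | C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.exe | {DROPPER} | N/A |",
    # double extension in the user profile: flagged by name, but not a system-directory drop
    f"| File created | C:\\Users\\Admin\\Desktop\\lure four .rar.exe | {DROPPER} | N/A |",
]


def parse_row(row: str) -> Dict[str, str]:
    """Split one pipe-delimited table row into its four named columns."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 4:
        raise ValueError(f"expected 4 columns, got {len(cells)}: {row!r}")
    return dict(zip(("description", "indicator", "process", "target"), cells))


def lure_match(path: str) -> Optional["re.Match[str]"]:
    """Match '<anything>.<media|archive>.exe' on the file name only, not the directory."""
    name = path.rsplit("\\", 1)[-1]
    return LURE_RE.search(name)


def is_double_extension_lure(path: str) -> bool:
    return lure_match(path) is not None


def in_protected_dir(path: str) -> bool:
    """True for paths under C:\\Windows or either Program Files tree (case-insensitive)."""
    return path.lower().startswith(PROTECTED_PREFIXES)


def triage_drops(rows: List[str]) -> Dict[str, object]:
    """Return every double-extension executable, the subset written into system
    directories, the processes that wrote them, and a histogram of bait extensions."""
    lures: List[str] = []
    in_system: List[str] = []
    droppers = set()
    ext_counts: Dict[str, int] = {}
    for row in rows:
        r = parse_row(row)
        if r["description"] != "File created":
            continue
        path = r["indicator"]
        m = lure_match(path)
        if m is None:
            continue
        lures.append(path)
        droppers.add(r["process"])
        ext = m.group(1).lower()
        ext_counts[ext] = ext_counts.get(ext, 0) + 1
        if in_protected_dir(path):
            in_system.append(path)
    return {
        "lures": lures,
        "in_system_dirs": in_system,
        "droppers": sorted(droppers),
        "extensions": ext_counts,
    }


if __name__ == "__main__":
    result = triage_drops(SAMPLE_ROWS)
    for path in result["in_system_dirs"]:
        print("double-extension executable in system directory:", path)
    print("written by:", result["droppers"])
    print("bait extensions:", result["extensions"])
```

To use it against live telemetry rather than the report, keep `lure_match` and `in_protected_dir` and replace `parse_row` with whatever yields the created path and the writing process from your file-creation events. Every name in the tables also carries a space immediately before the bait extension ("... .mpg.exe"); a stricter variant of `LURE_RE` can require it to cut false positives from legitimately named installers.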
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe
"C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe"
C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe
"C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe"
C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe
"C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe"
C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe
"C:\Users\Admin\AppData\Local\Temp\9137159160a9f84a6983dd05668cfc3100003d55301ad184b1313127b06a2c0c.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1012 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| NL | 142.250.179.202:443 | | tcp |
| IE | 94.245.104.56:443 | | tcp |
| GB | 51.140.242.104:443 | | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| GB | 51.140.244.186:443 | | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.118.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.12.38.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.208.177.111.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.79.106.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.222.156.230.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.182.25.233.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.250.104.243.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.153.223.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.58.18.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.144.154.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.175.35.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.79.172.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.57.27.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.249.26.247.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.120.142.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 21.19.128.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.77.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.165.247.201.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.245.251.228.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.174.71.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.202.53.196.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.46.169.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.29.141.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.193.252.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.186.75.241.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.163.59.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.175.86.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.246.109.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.197.116.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.85.29.220.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.49.222.250.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.188.218.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.242.22.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.102.227.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.180.174.126.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
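Almost every row in the network table is a PTR (reverse) lookup against 8.8.8.8 for an address that has no relation to the handful of Microsoft and Google endpoints the sandbox itself contacts over TCP 443. A process resolving reverse names for dozens of unrelated public addresses in a three-minute run is the shape a worm produces when it probes random hosts. The Python below is an added example, not part of the report; it turns each in-addr.arpa name back into the address being resolved, drops non-public ranges and counts the distinct public /16 networks touched. Sample rows are copied from the table above except the 192.168.0.1 lookup, which is constructed to exercise the private-range filter. Caveat: the report does not attribute the DNS traffic to a process, and Windows itself issues some reverse lookups, so a hit is a lead to confirm against per-process DNS telemetry (Sysmon Event ID 22, for example) rather than proof.

```python
"""Flag bursts of reverse-DNS (PTR) lookups for unrelated public addresses.

Added example, not code from the sandbox report or from the sample it
describes. It parses rows in the report's network table format
("| Country | Destination | Domain | Proto |"), converts each in-addr.arpa
name back into the address being resolved, discards non-public addresses and
counts how many distinct public /16 networks were queried. Sample rows are
copied from the report except the 192.168.0.1 lookup, which is constructed.
"""
import ipaddress
from typing import Dict, List, Optional

SAMPLE_ROWS = [
    "| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |",
    "| NL | 142.250.179.202:443 | | tcp |",
    "| US | 8.8.8.8:53 | 95.12.38.122.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 11.79.106.88.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 181.153.223.45.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 6.58.18.47.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 52.144.154.72.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 26.175.35.204.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |",
    "| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |",
    # constructed: a reverse lookup of 192.168.0.1, which the filter must drop
    "| US | 8.8.8.8:53 | 1.0.168.192.in-addr.arpa | udp |",
]


def parse_row(row: str) -> Dict[str, str]:
    """Split one pipe-delimited table row into its four named columns."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 4:
        raise ValueError(f"expected 4 columns, got {len(cells)}: {row!r}")
    return dict(zip(("country", "destination", "domain", "proto"), cells))


def ptr_name_to_ip(name: str) -> Optional[ipaddress.IPv4Address]:
    """'28.118.140.52.in-addr.arpa' -> 52.140.118.28; None for anything that is not a v4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ipaddress.AddressValueError:
        return None


def is_public_unicast(ip: ipaddress.IPv4Address) -> bool:
    """Exclude private, reserved and multicast space so only routable hosts are counted."""
    return ip.is_global and not ip.is_multicast and not ip.is_reserved


def ptr_burst(rows: List[str], min_networks: int = 10) -> Dict[str, object]:
    """Count PTR lookups for public addresses and the distinct /16 networks they span.

    `suspicious` is set when at least `min_networks` unrelated /16s were queried;
    the threshold is a tuning knob, not a property of the sample.
    """
    queried: List[ipaddress.IPv4Address] = []
    for row in rows:
        r = parse_row(row)
        # only UDP queries to a resolver on port 53 are DNS lookups
        if r["proto"] != "udp" or not r["destination"].endswith(":53"):
            continue
        ip = ptr_name_to_ip(r["domain"])
        if ip is not None and is_public_unicast(ip):
            queried.append(ip)
    networks = {str(ipaddress.ip_network(f"{ip}/16", strict=False)) for ip in queried}
    return {
        "ptr_queries": len(queried),
        "distinct_slash16": len(networks),
        "addresses": [str(ip) for ip in queried],
        "suspicious": len(networks) >= min_networks,
    }


if __name__ == "__main__":
    result = ptr_burst(SAMPLE_ROWS)
    print(f"{result['ptr_queries']} PTR lookups across {result['distinct_slash16']} public /16s")
    print("suspicious:", result["suspicious"])
```

Fed the whole table rather than this excerpt, the count climbs well past fifty distinct networks. On an endpoint, the same logic applies to Sysmon Event ID 22 records, where the `QueryName` field carries the in-addr.arpa name and the event also names the querying image, which closes the attribution gap the sandbox report leaves open.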
Files
memory/2952-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish handjob xxx uncut .mpg.exe
| MD5 | 709bf9ce42aeac154ca59ac264a0ec8a |
| SHA1 | 4fd0984de65abf036f71b388c2a1ecd8f3a75bb6 |
| SHA256 | 1c9525a11401103038d90ffafe9a930210d74e0e6ecee0a815e52addd4034023 |
| SHA512 | f19b3d7e755a3f9cece2aa4feb236735dd4980f5e58b24ddc3d70469c3a768dcedf3bf812146f2f37c8aff1fbf4dd452ad0e1c1f3caa60282fb66e0718528bde |
memory/1336-10-0x0000000000400000-0x000000000041C000-memory.dmp
memory/4568-39-0x0000000000400000-0x000000000041C000-memory.dmp
memory/3140-40-0x0000000000400000-0x000000000041C000-memory.dmp
memory/2952-180-0x0000000000400000-0x000000000041C000-memory.dmp
memory/1336-193-0x0000000000400000-0x000000000041C000-memory.dmp
memory/4568-196-0x0000000000400000-0x000000000041C000-memory.dmp
memory/3140-197-0x0000000000400000-0x000000000041C000-memory.dmp