Analysis Overview
SHA256
91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f
Threat Level: Known bad
The file 91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:25
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:25
Reported
2024-04-07 23:27
Platform
win7-20240221-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe
"C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:25
Reported
2024-04-07 23:27
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe
"C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe"
C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe
"C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe"
C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe
"C:\Users\Admin\AppData\Local\Temp\91a5dcbe155ba98a4921d00b5011ef53a303fde1a4d4033deef897788596074f.exe"
Network
Files
memory/4880-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie voyeur feet sweet .mpg.exe
| MD5 | ccac77b13a185b338482ffe4ebcf0ab3 |
| SHA1 | c0403ebaf4fb452d2f7e27b78613dbf2aa81d1af |
| SHA256 | 2276bbb86b773e3a0b8348f41d437feadb993aeb12e8d1627f8f991d28564da1 |
| SHA512 | 1a6aa80f846512a5f209d7a79d427fc4759d7e593464432f63d6a5b2fe4a47ffc4fb779a7cc22c9346d5aa2a2082ad9e46520d5d9579b4e2c73db30f7c7234ca |
memory/1784-72-0x0000000000400000-0x0000000000429000-memory.dmp
memory/3536-166-0x0000000000400000-0x0000000000429000-memory.dmp