Analysis Overview
SHA256
929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc
Threat Level: Known bad
The file 929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:27
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:27
Reported
2024-04-07 23:30
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe
"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3232 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8
Network
Files
memory/1188-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake public titts beautyfull (Sarah).rar.exe
| MD5 | cb18280ae41b6a774bb2c2b54420869c |
| SHA1 | c83a716ff0fb8c9b9b872c0422687de9b6532fbe |
| SHA256 | 22b77104367e6a18a1a50d8bbcf6125ec9999dd3f098361de3f1705aa6feb878 |
| SHA512 | fef2911630b6073d553b25901effb7f7779733a2635215854f9f036a311bfebe2a2bd7273bef9b20652e1c2e0695ef84614713ee146a3c2ee2c50f75b6916366 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:27
Reported
2024-04-07 23:30
Platform
win7-20240221-en
Max time kernel
154s
Max time network
159s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe
"C:\Users\Admin\AppData\Local\Temp\929d198f356efa5b08054d4d0008845c6cf03bda5cd1fad151c5fefc1e6841dc.exe"
Network
Files
memory/2156-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\italian beastiality lesbian licking young (Sandy,Jade).mpg.exe
| MD5 | cefcb100eae12e0e431a254d24e8b71f |
| SHA1 | e66184c07f45fc4a63b206282c10c1f777b9041f |
| SHA256 | 2034ea248f4e593161a25695d20b780eff0200b30e92e147c4792d5b2c77a85a |
| SHA512 | ed24a9d4feda405dce2f1cf741de791bf4da2379d4cf9d7ce2a6f9d4c4a232e78ec5b0bae80fecdcaca63f5c23d23d0c5627c70586bd0390f2e0795cb79b3aae |
C:\debug.txt
| MD5 | 7e01dc3087852f152b614d51c75a90ec |
| SHA1 | bde6a5a2d6479d5805c168baaf5903488e165d7b |
| SHA256 | fbbcfda62edc9276a5f221a00dabc87fec936ae1b27bea9cb4f7043aba988bc8 |
| SHA512 | 60014cb79fb8d2ff31fc859fded51cacac113fd441144fb51a505d5a4d02998b7677b7fc42abf38e5376d12033318789627149e4529d746366e147baebed8adc |