Analysis Overview
SHA256
93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c
Threat Level: Known bad
The file 93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:30
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:30
Reported
2024-04-07 23:32
Platform
win7-20240221-en
Max time kernel
150s
Max time network
149s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe
"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"
C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe
"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"
C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe
"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\black porn trambling uncut hotel .zip.exe
| MD5 | 2d228e9d29bde5630170aa7ab177637a |
| SHA1 | 10f16ae7a456608b0590bee86d68bdc2bd1a26dd |
| SHA256 | 625c2425f72a658716c69e621997dccc4419f0c1416ac84eb224fc601d5e15c8 |
| SHA512 | d8784ee3f667fa71ad98384b6bdbf45be7befc5993f579c0e3c50cc78dc676d10167f416f5faaa66e1392df8b40328f7a16ac48be32a45e7301a1771f249d0e5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:30
Reported
2024-04-07 23:32
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe
"C:\Users\Admin\AppData\Local\Temp\93b4fb0ee3e0891dd597d3836e0a9e6bd460fe9afaff442dfedcc6bd32a0e75c.exe"
Network
Files
memory/2556-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african fetish gang bang voyeur penetration (Karin,Sandy).avi.exe
| MD5 | f9255a860fa14a9dd74fa4689472ce05 |
| SHA1 | 1c8ff1cb98f9b60382be6da2b1766bcb69498e08 |
| SHA256 | e4661f73ce3833a5d8334af3b228a104390c5700984fb054cfa740b2bec59e0e |
| SHA512 | eb8e11c400d43c5d814c3c00658138a09e52c43308f787882c599e78eddacba796224e813cfb9e8db70bd263ac41e1f0bc0308200fcec7c5ff55ecbf23a6dac5 |