Analysis Overview
SHA256
9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c
Threat Level: Known bad
The file 9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c was found to be: Known bad.
Malicious Activity Summary
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:44
Signatures
Detects executables containing possible sandbox analysis VM usernames
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:44
Reported
2024-04-07 23:47
Platform
win7-20240220-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"
C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"
C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 600
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\chinese horse gang bang girls (Melissa,Jenna).avi.exe
| MD5 | 70744fe97e63c94d8a75a27fdcb1456b |
| SHA1 | ec274d9a2707e1bcdf7f8cb978fd8946c3bd890a |
| SHA256 | 591b08af06e66b38f393a89ce2de1484a95ad3cd8c32ed73a62808fea4c4b2f4 |
| SHA512 | 70c3e96872e381e3b1802637e542b502f1b59a25b0492fdf860835cfa70398c2cb7ea4c4f8eea8e621f79ef888638d424908858f90345c797564e8fe99bd7165 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:44
Reported
2024-04-07 23:47
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"
C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"
C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"
C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe
"C:\Users\Admin\AppData\Local\Temp\9a40c875ce86b71433b8f0db8b80447cd4077513a17f936d2d2290cd3bdf068c.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2008 -ip 2008
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 1192
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\blowjob [milf] (Karin).avi.exe
| MD5 | d718057c0b53f398b56fe0c7aa81e365 |
| SHA1 | c3a5ef31f69f91ccd700779d781e9a5177570a50 |
| SHA256 | 5d1ce9ae0b2727ce91008d24a98ad3e2642998f316e24792cda52767ac21b989 |
| SHA512 | c7e68d2ec8d345faedd85c40f3e4d97dc5ff75d77d23fbdd6c56553a707bbd04b68ded5f2ed7d9ee4ff4679fadbee6424bfa63d0deb2b3f5f6ba2285dacaf0a6 |