Analysis Overview
SHA256
0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9
Threat Level: Known bad
The file 0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:20
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:20
Reported
2024-04-07 18:23
Platform
win7-20240221-en
Max time kernel
150s
Max time network
154s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe
"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:20
Reported
2024-04-07 18:23
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
151s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\FxsTmp\american fucking cumshot lesbian boobs mistress (Ashley).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish trambling gay catfight young (Karin,Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\german trambling horse girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\african handjob big wifey .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\british beast lesbian uncut nipples stockings .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\action horse hot (!) granny .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\bukkake masturbation glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american beast full movie cock lady .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\cumshot [free] boobs YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\indian fucking horse girls (Kathrin).zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian blowjob porn uncut blondie (Melissa,Britney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\porn catfight cock wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian animal sperm several models boobs .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish horse full movie boobs wifey .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse hidden wifey .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\norwegian lingerie lesbian masturbation YEâPSè& (Jenna,Ashley).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\indian fucking sleeping boobs sweet .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian cum uncut shoes .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\horse voyeur titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\beast trambling full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\sperm sleeping hairy (Sarah,Curtney).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling beast uncut (Ashley).mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\french lingerie uncut bondage (Sarah,Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\canadian fetish catfight penetration (Jenna).zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\cumshot licking glans (Jenna).mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\dotnet\shared\sperm porn girls (Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian beast voyeur black hairunshaved .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese beast hardcore girls upskirt (Ashley).zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\cumshot masturbation .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\tyrkish horse girls boots (Gina).zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\tmp\italian bukkake [milf] nipples castration (Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\chinese cum [bangbus] (Gina,Anniston).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\beast horse masturbation (Ashley,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\xxx big lady .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\security\templates\porn fetish several models ash .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\gang bang uncut ash boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\kicking masturbation ash boots .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\bukkake kicking sleeping wifey .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\japanese blowjob [milf] cock mature .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\indian horse sleeping granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\spanish lingerie sperm girls .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\tyrkish horse several models boobs .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\malaysia fucking girls ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\fucking hot (!) 50+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\danish action horse [milf] boots (Jenna,Ashley).mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish nude beastiality several models legs (Gina).rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\german bukkake blowjob licking bondage (Jade,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\nude trambling public .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\african handjob public (Gina).rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\gay fetish catfight hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\tyrkish kicking voyeur shoes (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\nude hardcore uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\brasilian cum uncut blondie .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\german gang bang sleeping mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\russian horse cumshot public bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\norwegian horse animal masturbation hairy (Samantha,Anniston).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\indian sperm public (Christine).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\german sperm horse [bangbus] shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\russian hardcore big bondage .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\malaysia porn [free] upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\chinese horse horse catfight leather (Sonja,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\norwegian xxx cumshot full movie sweet .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\african gay beast [bangbus] lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\russian cum cum hidden vagina fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\african blowjob catfight glans (Sandy,Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\gang bang lesbian hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\canadian cumshot porn voyeur (Gina,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\beastiality handjob uncut mistress .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\Temp\american nude beastiality girls Ôï .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\horse hardcore full movie girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\norwegian trambling bukkake full movie high heels .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\InputMethod\SHARED\indian horse [free] ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black action [milf] gorgeoushorny (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\asian sperm horse uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\gay xxx big ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\kicking xxx [milf] .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian horse animal several models latex .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\japanese fetish full movie titts girly .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\chinese handjob licking boobs black hairunshaved .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\american action nude public legs 40+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\japanese beast blowjob big ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\tyrkish blowjob [free] swallow (Sandy,Ashley).rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\animal sleeping wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\beastiality public .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\danish gang bang masturbation stockings .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\swedish cum lingerie uncut latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\malaysia blowjob masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\swedish bukkake [free] swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\handjob [milf] young .mpg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian kicking hidden blondie (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american sperm trambling public redhair (Jade,Sonja).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\asian blowjob bukkake big .rar.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\lesbian gang bang [milf] feet (Anniston,Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\norwegian cum public sweet (Christine).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe
"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"
C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe
"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"
C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe
"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"
Network
Files
memory/2908-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse hidden wifey .mpeg.exe
| MD5 | 2046b373e8f64713deef1a63241fde4c |
| SHA1 | 3be025ed91b4ca51040b0fa293f9360651903436 |
| SHA256 | eeb3e9bf2fd68785e9b3ab771fccdeaadeca9d8590a61f50e46563ac318dfe76 |
| SHA512 | 2210218e0997ddcae85656a8bd9106d68bc8bfe51691bd7cfffddf98d8679de2b92f26875183c118ef918c19318fd2221a69fc8e283729bea194aade279333d4 |