Analysis Overview
SHA256
223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd
Threat Level: Known bad
The file 223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:20
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:20
Reported
2024-04-07 19:23
Platform
win10v2004-20240226-en
Max time kernel
168s
Max time network
174s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"
C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"
C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"
C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | | tcp |
Files
memory/2964-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia beast animal masturbation redhair .mpg.exe
| MD5 | 8239647316019ec99ad75e72025105e4 |
| SHA1 | afe81005e0b64aaead84f7d5dc4032e05d95db24 |
| SHA256 | 572e50a68aaa63d5433f4a8675590487722a8926eb21c185de6d21f1d1f9cacb |
| SHA512 | c5dc8879105d6348c302df75d8276f55e45dacba2a6b151d3b9793fbbd6ed30675f17ef342add3cf96e33f7d0b0056fd38c01b42775a90c8fb54a2071b8b4e67 |
memory/1088-12-0x0000000000400000-0x0000000000429000-memory.dmp
memory/3328-33-0x0000000000400000-0x0000000000429000-memory.dmp
memory/3804-35-0x0000000000400000-0x0000000000429000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:20
Reported
2024-04-07 19:22
Platform
win7-20231129-en
Max time kernel
150s
Max time network
146s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\japanese cumshot blowjob several models pregnant (Sonja,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian cumshot beast [free] (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\tyrkish fetish horse full movie castration .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\tyrkish animal fucking public 50+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\beast big sweet .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\hardcore hidden (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\beast sleeping sm (Sandy,Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese gang bang blowjob full movie (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\beast hot (!) glans bondage (Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\brasilian cumshot trambling lesbian .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\DVD Maker\Shared\swedish beastiality lesbian uncut .mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\danish gang bang horse [bangbus] (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\sperm full movie glans (Gina,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [free] wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american gang bang sperm full movie redhair .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\fucking several models redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\american nude fucking [milf] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\brasilian porn trambling hidden 50+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black kicking blowjob licking traffic .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore licking beautyfull .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\lesbian licking shoes (Gina,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\italian beastiality blowjob lesbian hotel .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian horse fucking [free] hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\japanese animal lingerie masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay [bangbus] .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling big granny (Sonja,Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\british lingerie girls titts ash (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\canadian hardcore several models stockings .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\japanese handjob lesbian sleeping hole sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\brasilian animal blowjob masturbation hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\british fucking public hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\cum xxx several models cock latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\PLA\Templates\brasilian porn bukkake several models hole (Christine,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\swedish porn sperm lesbian feet (Jenna,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\malaysia fucking licking cock (Jenna,Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\fucking hot (!) glans wifey .mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\beast licking feet upskirt (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\nude gay sleeping .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\porn xxx voyeur 40+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\hardcore several models latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\fucking [bangbus] traffic (Kathrin,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\kicking horse girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\british sperm several models feet sweet (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\horse blowjob catfight ìï .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\trambling girls cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse lesbian .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking lesbian cock stockings (Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\gay masturbation titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\hardcore [milf] feet ejaculation (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\malaysia lesbian full movie fishy (Britney,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\italian cum beast hot (!) titts fishy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fucking hot (!) cock Ôë (Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\assembly\tmp\tyrkish beastiality blowjob [milf] (Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\german xxx voyeur upskirt (Jenna,Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\kicking sperm girls hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\black nude gay lesbian YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\assembly\temp\trambling licking black hairunshaved (Britney,Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\cumshot trambling hot (!) hole redhair (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\african sperm [bangbus] (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\german trambling uncut (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\chinese horse catfight mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\fetish gay lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\horse masturbation black hairunshaved (Sonja,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\german lingerie sleeping cock shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian animal xxx [milf] .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\security\templates\japanese cumshot bukkake hidden hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\nude fucking [bangbus] redhair .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\american cum hardcore hot (!) glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\danish animal xxx masturbation glans boots .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\lesbian uncut cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\trambling catfight feet ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\asian horse catfight titts ejaculation .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\chinese xxx girls feet balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish animal hardcore [bangbus] gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\chinese trambling hidden beautyfull .rar.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\japanese cumshot blowjob catfight (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\sperm full movie hole (Jenna,Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\tyrkish cumshot lesbian licking .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\kicking lesbian masturbation blondie .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\danish handjob sperm big cock circumcision (Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\swedish cum horse uncut lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\animal lingerie catfight (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\hardcore sleeping shoes (Anniston,Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\canadian sperm [milf] cock redhair .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking hot (!) glans blondie .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\porn hardcore voyeur hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\tyrkish fetish beast lesbian cock (Jenna,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\beast girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"
C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"
C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe
"C:\Users\Admin\AppData\Local\Temp\223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd.exe"
Network
Files
memory/836-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [free] wifey .zip.exe
| MD5 | 4ab761d5e57ed38d44c6041f0127e58e |
| SHA1 | 8e1fbe6d54bd32d52c4633cb534bdff5eedf5058 |
| SHA256 | 4fe9220b5ac9b953e54adf91dd54476c68bd21a43e1853619ef0d9f31d7fafe5 |
| SHA512 | 57eedfadfab19014760336afa920aa4080b984bcc3c1e3fa5ec77741ca1e65bb54f167f1e4c95c99f3e7fa5742ab4e05d4f8bfe4c258ab08c76f40212e46fa83 |
memory/836-77-0x0000000004CD0000-0x0000000004CF9000-memory.dmp
memory/2516-78-0x0000000000400000-0x0000000000429000-memory.dmp
memory/2516-87-0x00000000045D0000-0x00000000045F9000-memory.dmp
memory/2904-88-0x0000000000400000-0x0000000000429000-memory.dmp