Analysis Overview
SHA256
2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b
Threat Level: Known bad
The file 2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:22
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:22
Reported
2024-04-07 19:25
Platform
win7-20240215-en
Max time kernel
150s
Max time network
149s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\IME\shared\tyrkish action trambling hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\russian horse horse girls lady .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian horse bukkake masturbation latex (Sandy,Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\chinese beast full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\swedish cum hardcore sleeping (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\japanese fetish lingerie hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\swedish beastiality lingerie [free] (Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\danish animal bukkake [bangbus] boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\xxx public granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\tyrkish horse bukkake big penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Google\Update\Download\cum xxx masturbation leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake [bangbus] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian action xxx uncut glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\trambling girls shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian nude fucking public lady .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\indian handjob sperm [free] titts ìï (Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\japanese beastiality lingerie masturbation hole young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\bukkake lesbian (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\horse [free] hole blondie .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian cumshot sperm hot (!) swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish cumshot xxx full movie (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\danish nude blowjob [bangbus] hole granny (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\gay catfight feet hotel (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\swedish kicking bukkake [milf] hole latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\american gang bang bukkake [milf] cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\british sperm catfight .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\russian gang bang blowjob girls feet .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\blowjob hidden (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\malaysia sperm hidden stockings .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese cum blowjob sleeping sweet (Kathrin,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\danish kicking trambling sleeping .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\lesbian catfight upskirt .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\danish kicking gay [milf] feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\indian porn hardcore hot (!) (Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\action gay hot (!) hole ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\indian kicking gay full movie (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\blowjob big cock (Sandy,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\norwegian blowjob public glans castration (Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\kicking beast sleeping 40+ (Kathrin,Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\tmp\italian horse lesbian several models glans penetration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\kicking hardcore [milf] feet (Sandy,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\Temp\russian gang bang xxx licking .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish animal trambling girls hole mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish horse sperm [milf] glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\beast licking redhair .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\swedish nude hardcore girls shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\hardcore [milf] (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\russian handjob lesbian licking shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\japanese gang bang lingerie [milf] cock shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\danish beastiality gay hot (!) cock penetration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\nude blowjob hidden girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\french lesbian public .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\french fucking public .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\african beast voyeur ìï .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\african sperm lesbian feet shower .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\canadian sperm licking glans blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\swedish handjob lesbian catfight young (Sandy,Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\asian trambling sleeping .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\kicking lesbian [milf] hole redhair (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\beast full movie cock gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black handjob gay masturbation mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\horse masturbation hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\horse sperm licking young (Sonja,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\PLA\Templates\danish cumshot trambling sleeping cock pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\cum lesbian big glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\nude bukkake [free] gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\norwegian trambling public swallow .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling catfight mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian full movie hole (Sonja,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\gang bang horse uncut feet boots (Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\action lesbian masturbation titts 50+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\british lingerie [bangbus] .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish action gay uncut latex (Kathrin,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\fetish sperm catfight glans mature (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\cumshot horse several models cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\danish beastiality lingerie several models titts high heels (Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\british xxx big (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\french horse full movie (Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\beast several models .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\horse xxx uncut glans high heels (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\tyrkish cum gay full movie ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\swedish kicking xxx voyeur .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\spanish gay masturbation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\spanish bukkake lesbian cock ìï (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\assembly\temp\indian fetish horse sleeping leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\beastiality lingerie licking glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\japanese porn beast voyeur .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\trambling big (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\cum xxx hidden .zip.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe
"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"
C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe
"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"
C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe
"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"
Network
Files
memory/2896-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian nude fucking public lady .mpg.exe
| MD5 | 2739f0b9b3ebd4ebd373471710651af2 |
| SHA1 | 2c1f6b717677bf163483df14cdf8bdb7857f5656 |
| SHA256 | d567617e2b8446cf4f49fc791b07fad884f70933c63317f2569dbdeb657fb725 |
| SHA512 | 3ca5c958a912a520a9b7ccd87d4b30539e057acdd6da9dd0d0ae73f2624d772169c68566954de11d32a8e6bd5ac9af09aebeecff5fbe90c69a743fbc1e3a5f73 |
C:\debug.txt
| MD5 | 17d55eb7544df25c0c804034d5eb4cb4 |
| SHA1 | da4de13868a3e9b37fa8974667c6e8cd715431e5 |
| SHA256 | 2a295f3e7a3b780ce43f83c4927931ce1899c8f10958c71098ba249049389e5d |
| SHA512 | 244f90e6410a4a9cf4bc897f9b0de16a8e5533c3849e8660c8dde33f7a70d358a41cd8994bb48c82289f92cdd46397f3e8e499317fb1a60b9ceaa99b3afc7860 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:22
Reported
2024-04-07 19:25
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe
"C:\Users\Admin\AppData\Local\Temp\2342142f2dfff7a8968deb05c97ea98717197a67d5c65c192ef60c26ede5094b.exe"
Network
Files
memory/3920-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\porn [milf] leather .mpeg.exe
| MD5 | fc501d60de978e826b52494e83f9cc0f |
| SHA1 | 2fd651d273490391e21e4a6dedab5a7e01b90e1a |
| SHA256 | 5bfeb50b2593ef710ac9156d2ff588bb3117eaf4b917b2cb14001765fc358a62 |
| SHA512 | 2fbce098152c61699a31147e587fa948f95af2b29de0488b37c191e0c2c6ac3b4d97b3ab835e9701c4a15378f23cada2dd75affd88f271cfcae8072cdf1e40fd |