Analysis Overview
SHA256
41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41
Threat Level: Known bad
The file 41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:26
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:26
Reported
2024-04-07 20:29
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:26
Reported
2024-04-07 20:29
Platform
win7-20240215-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"
C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"
C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe
"C:\Users\Admin\AppData\Local\Temp\41b96510b9e915bf2491c70b8e56231f6f1e312f49e1e31b77689d2d93f5ba41.exe"
Network
Files