Analysis Overview
SHA256
414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8
Threat Level: Known bad
The file 414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:25
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:25
Reported
2024-04-07 20:27
Platform
win7-20240319-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe
"C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe"
Network
Files
memory/1148-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian cumshot beast masturbation shower .mpg.exe
| MD5 | 40d9349cbf20daa70482af8c591bf991 |
| SHA1 | 39c1bb70356c2933f763c6cf746b683789376b5b |
| SHA256 | 87632b29b1399e9118054d418a940d009d1e80d46c885d50c95c41b9d86b2092 |
| SHA512 | 249a87f5909ec9261dc44d8a5f0273012722d128d653535af40c9158ab90923d8afda2e8821d785b51bae391cc92e51f02760be8feae974c44cc418b36b18f25 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:25
Reported
2024-04-07 20:27
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian gay hidden .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese gay cumshot [bangbus] mature .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\hardcore hidden nipples latex .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian cum girls mature (Jenna,Christine).avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish hardcore voyeur boobs young .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\blowjob lingerie uncut ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\malaysia blowjob catfight titts penetration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\indian porn trambling public upskirt (Britney,Anniston).zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\gay masturbation cock sweet (Ashley).zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\italian gay beast hidden girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\cumshot trambling full movie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\cumshot lingerie big .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\microsoft shared\spanish nude hidden (Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\tyrkish action animal [free] 50+ (Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\horse handjob masturbation pregnant .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian porn blowjob full movie ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian beastiality full movie hairy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beastiality full movie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american beast licking glans leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\horse kicking voyeur (Britney,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german action trambling lesbian swallow .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU5927.tmp\african handjob uncut bedroom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\gang bang big .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\hardcore public boobs beautyfull .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\chinese blowjob several models penetration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\dotnet\shared\blowjob lesbian titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\horse girls beautyfull (Christine,Ashley).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\nude several models .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\spanish lesbian masturbation lady (Gina).avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\american action horse hot (!) glans (Sonja,Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\tyrkish sperm lesbian ¼ë .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\action lingerie sleeping swallow .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\german animal sperm sleeping .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\cum big vagina balls (Anniston,Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\french cum several models .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\indian beastiality bukkake uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\swedish lingerie gang bang [free] nipples ejaculation .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\chinese fucking [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\russian horse beastiality full movie (Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\cum sperm voyeur (Ashley).avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\chinese cumshot [free] .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\fetish uncut boobs ejaculation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\danish gay lesbian lesbian (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\asian porn hidden traffic (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\animal public legs .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\action cumshot masturbation (Kathrin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black porn [free] boobs ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\fucking handjob masturbation .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\handjob cum [free] .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\asian lesbian lingerie [milf] .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\danish gay sperm sleeping high heels (Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\gay beast [milf] nipples pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\chinese hardcore voyeur legs .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\asian handjob licking granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\CbsTemp\beast fucking catfight gorgeoushorny .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\trambling animal hidden upskirt (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\black cumshot several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\sperm [free] latex (Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\german trambling [milf] .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\gay gay [bangbus] (Jenna,Christine).zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\asian sperm xxx hidden boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\gang bang big boobs (Ashley).rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\trambling licking .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\sperm masturbation ejaculation .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\norwegian handjob [milf] hotel .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\malaysia hardcore public vagina (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\italian trambling beast hot (!) ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\bukkake fucking masturbation hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\trambling full movie vagina boots .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\PLA\Templates\horse girls mature (Sarah,Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\tyrkish lingerie voyeur .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\cumshot lingerie [free] shower .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\russian lingerie [free] penetration .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\russian gay trambling sleeping castration .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\porn masturbation nipples .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling several models circumcision (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\gay kicking [milf] legs boots (Tatjana,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\cum animal full movie bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\gang bang beast [bangbus] vagina girly (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\russian cumshot hardcore sleeping .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\hardcore several models beautyfull (Britney).avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\spanish porn full movie ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\lesbian cum voyeur leather (Sandy,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\norwegian lingerie [free] glans blondie .avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\american nude horse hot (!) bedroom .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\animal masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\gay handjob hot (!) feet femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\horse lesbian Ôï .zip.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\german horse full movie (Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\gang bang sleeping .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\american bukkake hot (!) shoes .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking sleeping vagina leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\japanese cumshot big swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\beastiality [bangbus] (Ashley,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\danish xxx gang bang hidden vagina .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe
"C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe"
C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe
"C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe"
C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe
"C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe"
C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe
"C:\Users\Admin\AppData\Local\Temp\414cc1043a75533bdd96146a24d3186447a286846c1afe4992ad6ffa8d0532e8.exe"
Network
Files
memory/2772-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian beastiality full movie hairy .mpg.exe
| MD5 | 62d7b9a8c4686fd2dace95c3727fb86a |
| SHA1 | 7c8938c6d2d8db9cff64c8662ada21972953e570 |
| SHA256 | b6d8da5883d556d4c39a56d2ffa5f1714015f492f34b0a722730bce0aee65f36 |
| SHA512 | bcf288d6c95770d464fb648ec99d5b7f74f7d25c44173e7f49b143a960499e252f1f29f09573e67cc2ae2e9d8d9e117e1fc8401922c873b851b041d72e7a598c |