Analysis Overview
SHA256
2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc
Threat Level: Known bad
The file 2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:40
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:40
Reported
2024-04-07 19:42
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\gay hidden hairy .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\lingerie several models wifey .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\bukkake sleeping stockings .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob licking blondie (Ashley,Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\danish handjob gay big cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\norwegian trambling catfight (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian porn horse hidden hole (Kathrin,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish cum sperm catfight circumcision .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking uncut feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\lingerie [bangbus] cock bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\fucking uncut cock sweet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\american horse bukkake public bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\shared\lingerie licking titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\russian kicking xxx girls (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\xxx [milf] 50+ (Jenna,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\horse voyeur titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\black action lesbian big boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\trambling voyeur titts upskirt .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish animal sperm full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\fucking uncut feet wifey .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\trambling [milf] glans traffic (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\black action blowjob hidden (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian gang bang blowjob full movie mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast [free] ejaculation (Sonja,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\hardcore [bangbus] (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake sleeping beautyfull .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob full movie young .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish kicking beast several models ejaculation (Kathrin,Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse girls cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\swedish nude sperm masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\spanish sperm full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\brasilian porn lesbian girls .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\nude xxx full movie hole granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\xxx hot (!) hole upskirt .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\spanish sperm masturbation femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\asian fucking full movie glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\chinese trambling [bangbus] (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\kicking fucking masturbation (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\assembly\temp\indian animal xxx uncut lady .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\xxx [milf] mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\norwegian gay hidden wifey .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\trambling lesbian femdom .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\fucking sleeping .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\cum lesbian big beautyfull (Britney,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\canadian bukkake [bangbus] shower (Christine,Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\african bukkake [bangbus] glans mistress (Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\animal fucking hot (!) hole hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beastiality blowjob voyeur bedroom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\malaysia fucking big feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\assembly\tmp\black porn blowjob public balls .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\blowjob [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\hardcore uncut feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\fucking full movie pregnant (Gina,Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\russian nude horse big .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\brasilian nude horse catfight feet YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\security\templates\indian action lesbian sleeping bedroom (Anniston,Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\sperm licking YEâPSè& .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\asian hardcore full movie bedroom (Ashley,Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\indian nude sperm uncut YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\german fucking big hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\asian horse voyeur glans shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\beastiality horse hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\black fetish lesbian [bangbus] (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\norwegian xxx lesbian glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\fucking hot (!) mature .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian horse horse [free] titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\SharedFileCache\tyrkish action lesbian hidden young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\xxx uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\african beast voyeur (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\cum fucking big 50+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\malaysia hardcore sleeping titts ejaculation (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\russian handjob gay voyeur .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\norwegian hardcore hidden .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\bukkake lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\american cumshot xxx [free] hole (Ashley,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\spanish lingerie lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\horse big ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\chinese sperm voyeur titts hotel .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\cum xxx licking hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\swedish gang bang horse full movie cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\russian kicking xxx sleeping fishy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\african xxx uncut glans .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\canadian xxx several models bedroom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\malaysia beast big .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\french beast [free] glans ejaculation .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\malaysia hardcore licking titts granny (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\trambling sleeping hole mistress .avi.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\japanese nude hardcore lesbian sm (Sandy,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\malaysia blowjob masturbation glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\russian kicking beast [bangbus] cock hotel .zip.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\kicking xxx big ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\black beastiality horse uncut fishy .rar.exe | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"
C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"
C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"
C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian gang bang blowjob full movie mistress .mpg.exe
| MD5 | b292795233b84c211c5368ccb0bd6979 |
| SHA1 | 34a5890e795c14f80441768e763fdb9b9fa761bd |
| SHA256 | 774c772414b5f10d525f35d9a4231dda1c615df6eb9b8498cd86059dd339765f |
| SHA512 | 097cadcc4e735f15e86bd8f5c0a7e3e790bb96f195904231866edf1a3f95c16b1f31dfbd7e9dae1f60b4f2e661c6cd274970382d8890440024146d4361204297 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:40
Reported
2024-04-07 19:42
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"
Network
Files
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish kicking beast sleeping hole .avi.exe
| MD5 | 9f813cd0857f160453aab503c2f4d648 |
| SHA1 | 37772becc543c08a6e35a3e46e625d34e693b712 |
| SHA256 | 76c5df41e8608eb94f76df3ecc2d3697668ba95de30653c27b3e8fc386442f09 |
| SHA512 | 62b5207bc5b56cc274943362a5023913588c250d4416eeea73375446c65c758793ad6e28b0a5f88cb15d12ecea6193992021cc8b34a675bf96aefc39afbdd6e5 |