Analysis Overview
SHA256: 33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4
Threat Level: Known bad
The file 33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-07 19:57
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-07 19:57
Reported: 2024-04-07 20:00
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 158s
Signatures
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\IME\shared\lingerie lesbian (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\japanese cum lingerie voyeur YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american action horse public hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\american cumshot beast hidden mistress (Jenna,Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\french trambling [milf] feet ejaculation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse lesbian bedroom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\indian beastiality blowjob masturbation Ôë (Gina,Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\lingerie public (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\american action bukkake hot (!) fishy (Ashley,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\fucking masturbation titts penetration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\Microsoft Shared\danish handjob xxx full movie cock mistress .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\fucking sleeping .avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\bukkake hot (!) titts (Anniston,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\brasilian cum gay [milf] titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\fucking [bangbus] hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\tyrkish action lingerie [milf] granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\trambling masturbation high heels .rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american action hardcore licking mistress .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lesbian catfight leather .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\japanese cumshot fucking sleeping black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese porn hardcore hidden .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\blowjob full movie cock (Sonja,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese animal hardcore licking mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gay masturbation glans sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\russian gang bang lingerie big balls (Sonja,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\lesbian voyeur redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\danish nude trambling hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\american cumshot beast big .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\blowjob masturbation titts mature .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\handjob bukkake full movie glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish animal lesbian big feet sm .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\xxx lesbian penetration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\gay several models (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\cumshot beast lesbian (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\chinese sperm girls ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\american beastiality beast public bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\japanese cum bukkake [bangbus] (Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish fetish blowjob hot (!) sweet .rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\african sperm catfight bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\italian kicking hardcore lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\action blowjob several models titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\horse girls (Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\asian sperm sleeping .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\malaysia beast licking .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\chinese blowjob uncut hotel (Sonja,Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\cumshot fucking sleeping castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\american porn hardcore uncut sweet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\bukkake [milf] circumcision (Ashley,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\african hardcore big swallow (Christine,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian animal hardcore sleeping YEâPSè& (Sonja,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\gang bang gay masturbation feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian beast hidden black hairunshaved .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\handjob gay several models feet traffic (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\tyrkish nude xxx uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\hardcore hot (!) glans femdom .avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\swedish cumshot bukkake lesbian feet pregnant (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\british fucking catfight glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\canadian fucking hidden redhair .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\tyrkish fetish lingerie [bangbus] (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\fucking masturbation redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\brasilian action gay hidden .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\american handjob gay sleeping hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian cumshot hardcore hot (!) titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\brasilian cum lesbian public (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\chinese gay catfight mistress (Sonja,Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\gang bang fucking big feet traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\danish cum beast [bangbus] girly (Britney,Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\japanese animal blowjob [free] glans boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\malaysia trambling lesbian titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\fucking voyeur glans pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\russian porn bukkake public cock ash (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian nude lesbian masturbation upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\nude horse lesbian bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\animal horse [bangbus] beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian horse xxx catfight feet swallow (Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse [free] blondie (Kathrin,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\chinese bukkake catfight black hairunshaved .mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\animal trambling uncut black hairunshaved .rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\norwegian fucking hot (!) ìï .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\sperm [milf] cock pregnant (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\animal lingerie masturbation titts blondie (Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\black porn gay catfight femdom (Ashley,Curtney).avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\spanish hardcore several models YEâPSè& .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\gang bang fucking licking .zip.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\horse lingerie full movie pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\russian fetish hardcore hidden hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\sperm voyeur ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\russian animal hardcore lesbian (Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\fucking [bangbus] hole .avi.exe
| MD5 | e365511adbd4b7eed7ee96e00546a5da |
| SHA1 | e8e247a8eef17b666373b5b27292f0a5e07dac89 |
| SHA256 | 377d60a44df50106c11148ed62cf592d44f8026ad6096401a852f2f7dfc1a541 |
| SHA512 | d4f7c27fc55f94a9e215af22cbfd8c207c37b963b2ea9bdf24d20ba660ee8c0459d61e86b62f331245414712ba0bbfc8c7fb9b3a4bc31139a613a6120944322b |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-07 19:57
Reported: 2024-04-07 20:00
Platform: win10v2004-20240226-en
Max time kernel: 148s
Max time network: 151s
Signatures
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe
"C:\Users\Admin\AppData\Local\Temp\33cfb7c9c00d219166b7c1688d5711667fa618960132723813876fc2293ca6d4.exe"
Network
Files