Analysis Overview
SHA256
341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661
Threat Level: Known bad
The file 341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:58
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:58
Reported
2024-04-07 20:00
Platform
win7-20240221-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"
C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"
C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"
Network
Files
memory/2208-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lingerie girls lady (Sonja,Samantha).rar.exe
| MD5 | 7ec47b1511937e4ea7fe8123a07c6b4a |
| SHA1 | 0add8a6447116b60f2196fc2018c6be47c48ad45 |
| SHA256 | 3e2a28694b95322371e4a12160d834add10fc81a880dfc9f69fd4ae039c167bb |
| SHA512 | 3cd869e7822f0decc2bfbfa0791a58017d2eac9f8cb2bfea199b65b22515543d2c68406362ca12da53e79a995a3c04bc92961a9834b9e2be3a15b43dcad2bebf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:58
Reported
2024-04-07 20:00
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"
C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"
C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe
"C:\Users\Admin\AppData\Local\Temp\341b0c1ce9737a12d3ba6d935f3bf846febd62b1ac414f52a2e978769b54a661.exe"
Network
Files
memory/3520-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish animal beast masturbation fishy .mpg.exe
| MD5 | c48b91c1fed9495401110ee6feb23ddc |
| SHA1 | a1b9eb50ba1a696d2c9bd2ee97ac3954e06080d1 |
| SHA256 | 2c40663d2b6d297b5a4f1c216e541e0942b5fd34c3a5ec1857e850e310340a5f |
| SHA512 | 70b5acd50f16dd205e50f6ebe54bcc5193984e8dfd8d09e079aaf834ed91b057bd9c9072670b4c976bedc198dafae81eef92b7ccafdaa221c8300410f7c4436c |