Analysis Overview
SHA256
362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11
Threat Level: Known bad
The file 362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:02
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:02
Reported
2024-04-07 20:04
Platform
win7-20231129-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:02
Reported
2024-04-07 20:04
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe
"C:\Users\Admin\AppData\Local\Temp\362897ebc826aeee8e260644cc07f47fe925dec9d3f713b2247d22747139ba11.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\german beastiality fetish [free] .zip.exe
| MD5 | 1893e6d4819b698e4d7c0671e1096486 |
| SHA1 | f068a7f5bd0d5ba9c3c90e9385dac3a4366f0330 |
| SHA256 | 384e8c2c99028dec86f22fd9c6dac1bbc34c9d0a0a77f25d07cdc9143ee06085 |
| SHA512 | 90558452d1bde7340023c57c83665fd814bafc0259bee390060e12aee8ce082b21c35a972e358dd4b997e0225d6adc4ed724b8d24f62634df6c908c699080f09 |