Analysis Overview
SHA256
c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b
Threat Level: Known bad
The file c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 01:05
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 01:05
Reported
2024-04-08 01:08
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
152s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\italian porn big leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\trambling girls ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\animal lesbian voyeur tß .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\cumshot girls leather (Sonja,Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\handjob nude [milf] (Anniston).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse beast [bangbus] glans girly (Sonja,Anniston).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian porn xxx voyeur leather .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\asian beast hidden .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\malaysia fetish uncut vagina gorgeoushorny .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\black lesbian [milf] (Anniston).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian hardcore cumshot several models fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\canadian fetish cum girls .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\bukkake hot (!) legs swallow .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\asian porn full movie upskirt .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\kicking [milf] hotel (Janette,Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling nude big castration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\hardcore beastiality licking titts YEâPSè& (Kathrin).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\canadian fetish voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\german handjob full movie balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\cum hardcore sleeping nipples shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian hardcore masturbation girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\bukkake porn full movie glans 50+ (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\dotnet\shared\gang bang action big .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\fetish catfight shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\bukkake sleeping (Jade,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\bukkake hardcore voyeur hole (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\malaysia lesbian licking ΋ .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\nude fucking public black hairunshaved .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\gang bang [bangbus] legs .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\japanese hardcore kicking several models ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\fucking beastiality [milf] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\french gay [bangbus] young (Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\nude voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\canadian gay girls gorgeoushorny .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\kicking nude [free] vagina castration (Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\bukkake porn big .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\african hardcore big boobs Ôï .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\trambling gay uncut bondage .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\malaysia gang bang sperm sleeping 40+ (Sandy).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\japanese blowjob girls Ôï (Melissa,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\spanish handjob handjob hidden latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\cumshot public fishy (Jenna,Sandy).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\blowjob handjob full movie titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\hardcore several models gorgeoushorny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish hardcore lingerie full movie blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\lesbian xxx catfight (Gina,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\asian horse licking mistress (Sonja,Ashley).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\gang bang voyeur hole latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\tyrkish lesbian [milf] .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\gang bang sperm several models young .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\PLA\Templates\horse uncut fishy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\cum uncut (Ashley,Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\SharedFileCache\african kicking porn [milf] balls .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\danish gay action girls (Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\spanish trambling hot (!) feet wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish xxx sleeping hole circumcision .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\italian nude lesbian sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\asian xxx hidden titts pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\handjob porn voyeur .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\action animal big redhair .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish hardcore uncut hairy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\norwegian porn cum girls balls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\japanese cumshot hot (!) vagina .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\african gay several models titts (Sarah,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\african beast public granny .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian lingerie [free] hole young .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\canadian beastiality fucking full movie shower (Tatjana,Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\nude catfight vagina upskirt (Christine,Kathrin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\italian hardcore gay catfight redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\fucking sperm licking boobs mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\danish action cumshot hot (!) fishy (Karin,Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\xxx girls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\british action kicking masturbation stockings .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\italian horse sperm sleeping .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse big .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\japanese bukkake animal licking lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\german bukkake lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\blowjob lingerie several models .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\spanish cum horse public ash high heels (Gina).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\horse hardcore [bangbus] glans pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\blowjob hot (!) fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\spanish kicking nude several models .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\lingerie catfight bondage (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\sperm full movie redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\nude girls gorgeoushorny (Sylvia,Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\danish kicking girls femdom (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\indian handjob bukkake public balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\indian gang bang girls stockings (Karin,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\asian action uncut nipples (Britney,Gina).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\malaysia hardcore lingerie several models .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\security\templates\japanese action hot (!) boobs redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\german bukkake cum girls feet mature .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\indian blowjob trambling [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\action handjob several models feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
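The "Adds Run key" and "Drops file" signatures above are the indicators a responder pulls out first: a Run value under WOW6432Node pointing at C:\Windows\mssrv.exe, and .exe files carrying bait double extensions (.rar.exe, .zip.exe, .mpeg.exe, .avi.exe) written into the Windows and Program Files trees by a process started from the user's Temp directory. The script below is an added example, not part of the sandbox report, that parses rows in the report's four-column table layout and flags those two patterns. Only the Run-key row in the sample is copied from the report; the file paths are constructed to mirror the observed naming, and the extension and directory lists are assumptions for illustration.

```python
"""Pull actionable indicators out of sandbox 'File created' / 'Set value' rows.

Added example: the table layout is the one used in this report; the sample rows
are constructed (only the Run-key row is copied from the report).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Extensions Windows runs on double-click. In a "clip .mpeg.exe" lure the last
# extension is one of these and the one before it is bait.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}

# Trees a process launched from a user's Temp folder should never write .exe files into.
PROTECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Windows\PLA\Templates\sample clip .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\holiday photos .zip.exe | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Windows\Temp\helper.exe | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\notes.txt | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| N/A | N/A | N/A | N/A |
"""


@dataclass(frozen=True)
class Row:
    description: str
    indicator: str
    process: str


def parse_rows(table: str) -> List[Row]:
    """Parse the four-column signature table, skipping the header and N/A filler rows."""
    rows = []
    for line in table.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) < 3 or cells[0] in ("Description", "N/A"):
            continue
        rows.append(Row(cells[0], cells[1], cells[2]))
    return rows


_DOUBLE_EXT = re.compile(r"\.([A-Za-z0-9]{1,5})\.([A-Za-z0-9]{1,4})$")


def has_double_extension(path: str) -> bool:
    """True for 'name.<bait>.<exe>' where the bait part is not itself executable."""
    name = path.rsplit("\\", 1)[-1]
    m = _DOUBLE_EXT.search(name)
    if not m:
        return False
    bait, real = m.group(1).lower(), m.group(2).lower()
    return real in EXECUTABLE_EXTS and bait not in EXECUTABLE_EXTS


def in_protected_dir(path: str) -> bool:
    """True when the path sits under the Windows or Program Files trees."""
    return path.lower().startswith(PROTECTED_PREFIXES)


_RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\([^ ]+) = \"(.*)\"$")


def parse_run_key(indicator: str) -> Optional[Tuple[str, str]]:
    """Return (value name, command) for a Run-key 'Set value' indicator, else None."""
    m = _RUN_KEY.search(indicator)
    if not m:
        return None
    # The report writes the quoted value with JSON-style doubled backslashes.
    return m.group(1), m.group(2).replace("\\\\", "\\")


def triage(table: str) -> Dict[str, list]:
    """Group the rows into the three findings a responder acts on."""
    findings = {"double_extension_drops": [], "protected_dir_drops": [], "run_keys": []}
    for row in parse_rows(table):
        if row.description == "File created":
            if has_double_extension(row.indicator):
                findings["double_extension_drops"].append(row.indicator)
            if in_protected_dir(row.indicator):
                findings["protected_dir_drops"].append(row.indicator)
        elif row.description.startswith("Set value"):
            hit = parse_run_key(row.indicator)
            if hit:
                findings["run_keys"].append(hit)
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_ROWS).items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("   ", item)
```

The Run-key value name (mssrv32) and the dropped path (C:\Windows\mssrv.exe) are the two strings to hunt for across an estate; the double-extension check is the generic rule that catches the lure files regardless of the random words in front of the extension.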
Processes
C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"
C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"
C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"
C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.65.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.194.109.28.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.192.247.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.232.33.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.38.158.106.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.45.119.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.163.68.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.163.153.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.57.24.14.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.136.100.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.6.17.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.129.223.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.44.226.227.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.57.166.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.242.211.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.240.95.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.203.75.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.148.183.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.182.29.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.165.53.58.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.220.53.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.189.20.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.170.86.60.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.124.40.232.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.168.98.48.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.239.13.218.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.13.159.120.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.136.76.6.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.33.17.210.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.225.85.237.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.48.94.223.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.188.81.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.197.78.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.96.144.233.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.229.180.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.104.16.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.126.173.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.1.136.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.249.40.7.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.125.203.231.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.85.55.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.126.167.61.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.242.243.60.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.161.53.197.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.67.108.19.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.145.248.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.208.20.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.179.38.56.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.13.84.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.184.47.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.3.171.240.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.207.65.114.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.129.61.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.233.235.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.51.38.61.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.242.75.26.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.232.1.191.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.166.200.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.152.212.125.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.61.92.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.30.100.225.in-addr.arpa | udp |
Files
memory/912-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling nude big castration .mpg.exe
| MD5 | cc7b7f5ef0a7d455a474f3fb1edccdd0 |
| SHA1 | ab04df604840f23440af4b123b343a74641c903d |
| SHA256 | 7860fb802b515ec690fe024d241b28f83d3ddf9abff192d44ece049e58b6f2ac |
| SHA512 | d7addab7175e43343bddfe683b9651036d4086498db2f6a73ed3f237c2c48442c50b357041f82b3095ca79f6af27f78ba182f2ffbcb825d8c2a8ac9cf9ea2c1a |
memory/4544-154-0x0000000000400000-0x000000000041E000-memory.dmp
memory/3308-155-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-180-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1640-181-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-185-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-191-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-192-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-202-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-206-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-211-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-215-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-219-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-223-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-227-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-231-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-235-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-239-0x0000000000400000-0x000000000041E000-memory.dmp
memory/912-243-0x0000000000400000-0x000000000041E000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 01:05
Reported
2024-04-08 01:08
Platform
win7-20240221-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude action big cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\african fucking full movie hotel .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\black lesbian cum lesbian shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish horse gay lesbian (Sandy,Sandy).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\animal gay hot (!) YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\japanese lesbian sleeping mistress .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\animal kicking hot (!) ejaculation (Jade,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\italian horse [milf] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\italian gang bang action [bangbus] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\gay uncut (Liz,Sonja).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\african blowjob sleeping nipples .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\malaysia trambling licking .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\danish nude lingerie masturbation .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian beastiality nude uncut .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\lingerie public boobs (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\asian xxx [free] YEâPSè& .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\british beastiality bukkake hidden titts ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\chinese cumshot fetish masturbation (Samantha,Kathrin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\beast lingerie full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\german porn animal sleeping .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\american hardcore beastiality girls boots (Christine).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\gay public blondie .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\cum [milf] traffic (Melissa,Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian lingerie [bangbus] (Sandy).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese bukkake gang bang big shoes (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\tyrkish lingerie fetish [bangbus] young (Christine,Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\american handjob gang bang big .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\Temp\american horse several models (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\blowjob porn licking ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\fetish full movie 50+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\indian cumshot full movie black hairunshaved (Jade,Britney).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\italian cum several models .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\swedish bukkake masturbation girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\malaysia cum big legs (Curtney).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\lesbian lesbian ejaculation (Gina,Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\temp\american porn big nipples castration (Anniston,Sandy).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\italian cumshot [free] upskirt (Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\beastiality nude hot (!) latex .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\asian fetish animal full movie mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\russian sperm full movie bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\italian nude horse [milf] .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fucking big fishy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\brasilian sperm horse girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\cum uncut high heels .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\malaysia trambling uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\brasilian kicking uncut cock upskirt (Tatjana,Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\american lingerie blowjob full movie legs fishy (Samantha,Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\canadian cum several models beautyfull .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\nude beastiality [milf] feet ìï .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\asian cum kicking [milf] .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\brasilian action blowjob [milf] (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\tyrkish lingerie sleeping .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\german beast girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\tyrkish cum [milf] leather (Ashley,Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\tyrkish blowjob horse hot (!) (Anniston,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\sperm gang bang masturbation boobs swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\handjob action big .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\fetish hidden (Christine).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cum lesbian uncut upskirt .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\tmp\gay lingerie voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\japanese porn animal public lady (Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\tyrkish gay voyeur pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\kicking full movie glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\malaysia trambling hidden legs granny .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\indian fucking [free] (Ashley,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\japanese hardcore blowjob [bangbus] .zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\lingerie xxx voyeur gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\horse xxx big femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\gay blowjob full movie 40+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beastiality gang bang hidden nipples fishy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\chinese beastiality cum full movie granny (Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\african fucking several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\italian nude catfight YEâPSè& (Tatjana,Anniston).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\gang bang cum voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\norwegian fetish [bangbus] vagina (Melissa,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\american animal trambling licking latex .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\kicking several models mistress (Sandy).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\german gang bang masturbation high heels (Kathrin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\lingerie action hot (!) .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\cumshot horse girls sm (Jade,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\african hardcore several models lady (Britney,Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\tyrkish gay [bangbus] (Tatjana,Gina).avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\russian handjob licking upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\cumshot hot (!) .avi.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\PLA\Templates\porn [milf] ash sweet .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\british action hidden .rar.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian horse hidden bondage .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\danish horse several models hotel .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"
C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"
C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"
C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 229.62.92.229.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.155.202.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.143.159.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.161.152.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.139.97.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.206.238.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.205.194.240.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.88.46.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.171.206.228.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.107.225.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.226.205.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.16.41.120.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.68.248.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.186.23.36.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.40.218.73.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.107.225.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.27.87.29.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.242.160.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.139.220.33.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.152.5.12.in-addr.arpa | udp |
Files
memory/1340-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\african blowjob sleeping nipples .zip.exe
| MD5 | 4751f209ebbd0d0b3a3f95df61332ef9 |
| SHA1 | d5d59de348d15bb2b9eabd14fbadcecfd9f0a57e |
| SHA256 | b9b64e403ccac273d04b7a99faa8dc264ffa272199064736bcf72c4522e0dee2 |
| SHA512 | 60bfeec3bb728107e45ed3c1feef462d7baba623b02e99087315b1a78c0723a1531e1e638f24ab1afb42a9ab1eb0ebb291c7460b9fa112b26d281bcc78f17bc5 |
memory/1340-9-0x0000000004B20000-0x0000000004B3E000-memory.dmp
memory/1340-54-0x0000000005090000-0x00000000050AE000-memory.dmp
memory/2496-57-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2624-56-0x0000000004920000-0x000000000493E000-memory.dmp
memory/2456-55-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-90-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2624-91-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2456-92-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2496-93-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-94-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-95-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-99-0x0000000005090000-0x00000000050AE000-memory.dmp
memory/1340-101-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-105-0x0000000000400000-0x000000000041E000-memory.dmp
C:\debug.txt
| MD5 | e6bb19d12dcfe95ab7083465653e0b2b |
| SHA1 | 0626c65657722a3dd0684f212f48c54aa5124df4 |
| SHA256 | b6544e8ba1ea56e7eeb112041d9a7f944483a72198f9eb8e8fe158456801f705 |
| SHA512 | 9d9d14f17113e19cd69c76779af0e7445f9c9603d5d83bb793aaa61720c3d7b6a64def3b07aa4870f5f3a668bc1259f3ed25ec5f79f4259129bfaf1f3a5b0a80 |
memory/1340-119-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-123-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-127-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-131-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-137-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-141-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-145-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-149-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-153-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1340-157-0x0000000000400000-0x000000000041E000-memory.dmp
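The memory/PID-N-start-end-memory.dmp entries above record which region the sandbox dumped from which process and in what order. As an added example for this page (not part of the report), the script below parses that naming convention, groups the dumps by PID and region, and reports the regions every process has in common. The pattern is assumed from the entries shown and the dump list is copied from this section.

```python
"""Summarise sandbox memory-dump names by process and region.

Added example for this report, not part of the sandbox output. The naming
pattern memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp is assumed from the
entries listed under Files; the dump list below is copied from there.
"""
import re
from collections import Counter, defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Copied from the Files section of the report.
REPORT_DUMPS = [
    "memory/1340-0-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-9-0x0000000004B20000-0x0000000004B3E000-memory.dmp",
    "memory/1340-54-0x0000000005090000-0x00000000050AE000-memory.dmp",
    "memory/2496-57-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2624-56-0x0000000004920000-0x000000000493E000-memory.dmp",
    "memory/2456-55-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-90-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2624-91-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2456-92-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2496-93-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-94-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-95-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-99-0x0000000005090000-0x00000000050AE000-memory.dmp",
    "memory/1340-101-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-105-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-119-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-123-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-127-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-131-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-137-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-141-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-145-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-149-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-153-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1340-157-0x0000000000400000-0x000000000041E000-memory.dmp",
]


def parse_dump_name(name):
    """Split one dump name into pid, sequence number and address range.
    Returns None for entries that are not memory dumps (dropped files etc.)."""
    m = DUMP_RE.match(name)
    if m is None:
        return None
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def summarise_dumps(names):
    """Count dumps per (pid, region) and collect the distinct region sizes."""
    per_pid = defaultdict(Counter)
    sizes = set()
    for name in names:
        d = parse_dump_name(name)
        if d is None:
            continue
        per_pid[d["pid"]][(d["start"], d["end"])] += 1
        sizes.add(d["size"])
    return {"pids": sorted(per_pid),
            "regions": {pid: dict(c) for pid, c in per_pid.items()},
            "sizes": sorted(sizes)}


def shared_regions(summary):
    """Regions that were dumped from every process in the summary."""
    common = None
    for pid in summary["pids"]:
        regs = set(summary["regions"][pid])
        common = regs if common is None else common & regs
    return sorted(common or [])


if __name__ == "__main__":
    s = summarise_dumps(REPORT_DUMPS)
    for pid in s["pids"]:
        for (start, end), n in sorted(s["regions"][pid].items()):
            print(f"pid {pid}: 0x{start:X}-0x{end:X} ({end - start:#x} bytes) dumped {n}x")
    print("shared:", [f"0x{a:X}-0x{b:X}" for a, b in shared_regions(s)])
```

Run over the list it shows that the image range 0x400000-0x41E000 was dumped from all four PIDs, that process 1340 alone produced sixteen dumps of it, and that the three higher regions in 1340 and 2624 are each exactly 0x1E000 bytes, the same size as the image range. The report's WriteProcessMemory signature fits that picture, but the dump names alone do not say which process wrote which region.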