Analysis Overview
SHA256
c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a
Threat Level: Known bad
The file c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 01:11
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 01:11
Reported
2024-04-08 01:13
Platform
win7-20240221-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 01:11
Reported
2024-04-08 01:13
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"
C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"
C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"
C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe
"C:\Users\Admin\AppData\Local\Temp\c374f051a14d0cb045716243ec08bfe0e7709f0763b00a1c3eb14901d6f2516a.exe"
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese cum xxx girls titts fishy .avi.exe
| MD5 | 4d2a95865e195d79498f00d7682ccda2 |
| SHA1 | 91825bc15659fe62a54231a3c343e03dd6f514c1 |
| SHA256 | e9780d76cb448fc857fb9e77583114cd86e39ef4b6600ad1bf80d57a86c8bea6 |
| SHA512 | 45a423a04bbac1cbb6e29b94a7f571251fb942210e83cad8592f59e8699aa278bd996692511e523377b5eaed6dd6c0ae2140a6b085d8898183a94687e2a266f6 |