Analysis Overview
SHA256
c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7
Threat Level: Known bad
The file c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 01:22
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 01:22
Reported
2024-04-08 01:24
Platform
win7-20240319-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7.exe
"C:\Users\Admin\AppData\Local\Temp\c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 01:22
Reported
2024-04-08 01:24
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7.exe
"C:\Users\Admin\AppData\Local\Temp\c7efe52e3729714c024f3a75ae41b1dc6323ffdbde856e5604022795ce4f8eb7.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay [bangbus] sm (Christine,Christine).avi.exe
| MD5 | 62730f1a96f002e76fa412c1c0f5cabc |
| SHA1 | 9c31226ab832da6640e870097089f854d9b36313 |
| SHA256 | 7dde0ddb48c507e99415b857e9947f7e1c9b61b67edfe31a141a2bc920085172 |
| SHA512 | a52565f474e0d2592e7acd46a318765ba95c649ee7448374c4ffc494eb58459a1a3e48c2f33491fd2bf412acfeb13491a72b0bfea60c8db0c6ba71e092888b4a |