Analysis Overview
SHA256
c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600
Threat Level: Known bad
The file c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 01:20
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 01:20
Reported
2024-04-08 01:23
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\Temp\fucking uncut Ôë .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\lingerie lesbian hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\xxx catfight hole 40+ .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\tyrkish cumshot lingerie masturbation boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\indian handjob horse girls upskirt .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish action bukkake sleeping titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\trambling girls mature (Anniston,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian kicking sperm uncut feet mature .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\russian cum trambling lesbian .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\american fetish hardcore masturbation titts bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\black action hardcore sleeping ìï .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\lesbian public latex (Sonja,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\brasilian horse xxx [bangbus] balls .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\beast catfight .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore [bangbus] ¤ã .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\beast sleeping high heels .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\blowjob lesbian feet .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american action xxx girls feet 50+ (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian cum lingerie [bangbus] .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\swedish horse sperm full movie cock young (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian fetish bukkake sleeping glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\beast sleeping ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\gay catfight (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lingerie big glans femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\xxx several models titts penetration (Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\malaysia xxx big leather .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\tyrkish porn trambling uncut cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese cumshot lingerie public titts mature (Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\malaysia beast several models cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\swedish cum hardcore voyeur bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\canadian gay licking feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\handjob beast catfight circumcision (Ashley,Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\sperm lesbian titts leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\gay [bangbus] titts girly .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\canadian xxx [milf] .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\animal trambling voyeur shower .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\bukkake public .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian cum hardcore [milf] sweet .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\gang bang sperm [free] upskirt (Sandy,Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\italian horse lesbian public cock hotel (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\gang bang gay public .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\british lesbian girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\danish cumshot lesbian voyeur shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\japanese beastiality hardcore [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\british xxx hidden .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\Temp\danish handjob xxx sleeping balls .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\norwegian sperm [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\american horse horse catfight shower .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish cumshot horse hot (!) glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\porn hardcore hot (!) (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\nude xxx big hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\cum lesbian several models granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\norwegian sperm hidden feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\tmp\russian beastiality bukkake sleeping .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\japanese nude lingerie [milf] cock ash (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\french sperm girls feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\gang bang trambling voyeur glans (Britney,Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\indian cum sperm girls glans hotel (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\trambling big cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\security\templates\tyrkish porn beast [milf] ìï .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\animal gay sleeping (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\nude horse voyeur feet high heels .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\bukkake big wifey .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\british fucking [bangbus] mistress (Sandy,Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\trambling [bangbus] cock (Anniston,Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese action fucking hot (!) (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lesbian big cock fishy (Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\british sperm [free] feet (Kathrin,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\brasilian action xxx hot (!) feet gorgeoushorny .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\nude beast public hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake [bangbus] swallow (Sonja,Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese horse trambling uncut titts girly (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse full movie cock penetration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\swedish kicking bukkake [bangbus] .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\italian nude horse girls castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\porn hardcore uncut cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\canadian trambling big cock girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\fucking uncut cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\black porn lesbian sleeping feet latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\horse hot (!) balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\canadian fucking voyeur (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\fucking masturbation .avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\chinese blowjob public .zip.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\cum trambling [free] granny .rar.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\handjob hardcore lesbian cock high heels (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\black cumshot hardcore several models stockings .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\african beast [bangbus] cock stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\japanese porn hardcore uncut hole shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\horse hardcore [milf] feet ejaculation (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe
"C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe"
C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe
"C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe"
C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe
"C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe"
C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe
"C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\beast sleeping high heels .rar.exe
C:\debug.txt
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 01:20
Reported
2024-04-08 01:23
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe
"C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe"
C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe
"C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe"
C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe
"C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe"
C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe
"C:\Users\Admin\AppData\Local\Temp\c796049d73eaaf2127ac3a692d5ee8246122c865db04d427a165f146abd1d600.exe"
Network
Files
memory/3952-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\cumshot gang bang several models granny .mpeg.exe
| MD5 | e93ed4cd94d66909f215f83d8053582d |
| SHA1 | 3618f699a9904055be27308b03e0d98fb35ae370 |
| SHA256 | d60d2217abf459b26ce38116486671dc82ca9f2db30944a8d754c8fec1902b34 |
| SHA512 | 28bcfc24958102f54cdb5158ff3d6be7c38aad1fc225a3ec96dc90391ded3925d72796c6f19b26ac9f216c7dbb898451c543a17e73047b8af824682651453b6e |