Analysis Overview
SHA256: 26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0
Threat Level: Known bad
The file 26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-03 19:32
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 19:32
Reported: 2024-04-03 19:35
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 146s
Command Line
Signatures
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"
C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"
C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\african lingerie action uncut ejaculation (Melissa,Curtney).rar.exe
| MD5 | 606c349f9f0b8878d98d1ea3d40c2304 |
| SHA1 | 385a18795063f219195d6ffd79674b6ee43b7251 |
| SHA256 | a76a83359ac4f7fa3fb6f107bad0419e3881e378dd1210d652bc478a33b8dea3 |
| SHA512 | 52f848c302413ef9a84a078db4a49ec2fb52688193211822ed177abf0e81c8d8ef248c494a7bd34513d32d8af1c258544b864b5bca999f86a8b4125c956ca0cf |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 19:32
Reported: 2024-04-03 19:35
Platform: win10v2004-20240226-en
Max time kernel: 151s
Max time network: 150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"
C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"
C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"
C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
Network
Files
memory/2056-0-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish kicking action lesbian high heels (Sylvia).mpg.exe
| MD5 | e3f673e2655a427733249346b5b3b3c0 |
| SHA1 | 1f8f3779b07a07bc1d7907e80c783063711db918 |
| SHA256 | 2c10fdcd79aed1a6e9b1d380e3d39e79ae3517a2aa417c7efdfa538a369b11d6 |
| SHA512 | 667cb2df244c5713e59677a0b07452c82b327940ac7dbb6b95936a780dcc85d3c56e3a1f23f3e7e9740c699e3344aa323225c7d888f1490d3eaba068961c4dfe |