Analysis Overview
SHA256
64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7
Threat Level: Known bad
The file 64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7 was found to be: Known bad.
Malicious Activity Summary
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:45
Signatures
Detects executables containing possible sandbox analysis VM usernames
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:45
Reported
2024-04-06 21:48
Platform
win7-20240221-en
Max time kernel
152s
Max time network
127s
Signatures
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\trambling voyeur glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\blowjob hidden cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\beast hidden titts (Kathrin,Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\lingerie [milf] bondage .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\russian kicking blowjob several models .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\bukkake hidden (Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\bukkake masturbation cock penetration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm voyeur glans 50+ (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\lingerie hot (!) glans (Sandy,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian beastiality hardcore uncut .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian animal beast several models .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\bukkake [bangbus] feet swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\lingerie masturbation hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\russian action horse girls cock blondie .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian beastiality hardcore hidden titts hotel (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american action gay hidden cock penetration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\russian horse blowjob voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish cum fucking sleeping (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\japanese porn sperm big upskirt .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\xxx lesbian (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\lingerie sleeping .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\gay public YEâPSè& .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black kicking fucking girls sweet .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian animal lingerie voyeur circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\tyrkish nude blowjob lesbian (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\chinese hardcore [milf] titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\horse xxx licking boots (Kathrin,Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\tyrkish cumshot hardcore licking castration (Gina,Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\malaysia lesbian hidden .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian voyeur (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\beastiality trambling girls feet (Sonja,Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\porn lesbian sleeping hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\brasilian handjob trambling [bangbus] titts wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\danish porn bukkake hot (!) (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\gay catfight traffic (Anniston,Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\chinese sperm sleeping hole wifey .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\russian cumshot beast lesbian gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\american beastiality trambling hot (!) bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\tyrkish horse bukkake masturbation glans shoes .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\black horse lingerie voyeur titts black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\spanish lesbian full movie glans girly (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\porn trambling hidden (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\bukkake girls blondie .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\japanese porn xxx full movie cock pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\canadian xxx several models 50+ (Kathrin,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\trambling [bangbus] sm (Sonja,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian handjob horse hidden titts young .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\temp\japanese animal hardcore public titts (Christine,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\norwegian xxx catfight hole blondie (Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\cumshot lesbian uncut .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\cum beast public titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\malaysia fucking licking cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\american porn trambling girls titts balls (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\canadian beast girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\brasilian animal beast [milf] titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\italian beastiality horse [free] (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\beastiality sperm several models .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\beastiality blowjob several models feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish action bukkake sleeping cock granny (Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\black beastiality hardcore lesbian .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\russian nude gay masturbation titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\handjob xxx uncut glans (Sonja,Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\porn beast voyeur titts (Sonja,Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian cum gay public (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\animal gay sleeping penetration (Anniston,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\action hardcore [bangbus] sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\black cum horse lesbian cock young .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\tmp\tyrkish animal trambling hidden YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\sperm lesbian redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\malaysia lingerie hidden (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian handjob sperm girls titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\security\templates\action bukkake licking upskirt (Sonja,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\PLA\Templates\brasilian handjob fucking hidden YEâPSè& (Ashley,Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse [bangbus] leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\indian kicking horse lesbian stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\horse trambling hidden .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\african lingerie [milf] hole (Sonja,Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american porn fucking sleeping feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian beastiality beast uncut (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\fucking big femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\american horse gay big titts hairy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\danish animal trambling [free] cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\cum blowjob public hole beautyfull (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\trambling [milf] balls .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\cum beast full movie pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\brasilian gang bang beast several models high heels (Britney,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\blowjob [bangbus] hairy (Britney,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish handjob hardcore sleeping glans circumcision .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"
C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"
C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 564
Network
Files
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\brasilian animal lingerie voyeur circumcision .rar.exe
| MD5 | 766cff4d819fcda9388119f2bd0cec38 |
| SHA1 | 1cd1d23a106299f9b6d6c243184389a10a3e61e4 |
| SHA256 | a649fb7a096031962de64bc6c3894fc37860794f22a99c96e151996bb13abfcd |
| SHA512 | 85294f93edfeec92225a6c0441c06c4d331757f48a1029de2ba600c1489f494506c72202bb7103e1ade19671ea4b4e25ef93525fff8f08755a12d832f1ac231a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:45
Reported
2024-04-06 21:48
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Signatures
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\beastiality catfight cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\swedish trambling blowjob public .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\animal horse girls .rar.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\malaysia cum lesbian several models .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black bukkake hidden feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\horse lesbian mature .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\british lesbian big high heels (Sandy).mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black lingerie [milf] .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\norwegian blowjob sperm uncut fishy (Liz,Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\brasilian lingerie full movie legs granny .avi.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\blowjob handjob voyeur circumcision .zip.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cumshot horse hidden vagina .mpg.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"
C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"
C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"
C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f01546010d25fa18f11acae3d3c217daf2db31647f7bc0e2c346c6ddbfeeb7.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2108 -ip 2108
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 1144
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx horse uncut (Ashley).mpg.exe
| MD5 | dab7c49d7ea0b36dbc33e63523d7c61d |
| SHA1 | 89e1fdb571e2f764655cc9bff089142206f447e8 |
| SHA256 | 27dd68baa1523f8d899cf2f55689942bde32d11ca3b7b81a1426926355da9506 |
| SHA512 | 7fc3e361d31f171b2ec5e6b49ade5c6f0157c1678ad15e6fbe880c76f82bf0a121159c66290aa4b3ffdb4ce79155bdda21f19e5df0c3153ac85b8e7b7ac23df6 |