Analysis Overview
SHA256
6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5
Threat Level: Known bad
The file 6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 21:50
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 21:50
Reported
2024-04-06 21:53
Platform
win7-20240319-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe
"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"
C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe
"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"
C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe
"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"
Network
Files
memory/1640-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\malaysia handjob voyeur .mpg.exe
| MD5 | fb7e10306f1f575b3bfe1623e1539d6f |
| SHA1 | 256e2de7eba6c9674b4cad093009faee708342e7 |
| SHA256 | 3b969436bd581966344b8fe175b06077f8f87e4c4f528d1e54363dac68be018f |
| SHA512 | b12f5acadb3fa5aa72f15ca6213acc05b0eece2ebf31b6f92d1b3f2134ae35f95fdb330cb3d4b7edab2cd2777b598f44bc8ec32988c35179b971ef7f9a553f9e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 21:50
Reported
2024-04-06 21:53
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe
"C:\Users\Admin\AppData\Local\Temp\6715970a118dfe41a9979e17c6462dbffd77b8bd7d04e42a16dc412cc8d718f5.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\porn hidden .avi.exe
| MD5 | 4148e33b4131372a9f2990aff8c821ae |
| SHA1 | bfe666bd481504e6a3ee3c64cd21591dc9f4b544 |
| SHA256 | 7fa7f5845e2c2bf948e497fb3491dbb9c046a24d2660986356194f93cc134cc4 |
| SHA512 | 686a99b78860c6cbd8bfd33f1915084cddc10020f86e0f2274299c6f4a1300e60c24c88660bc98baafd518f856e6288d3b4ff6973569f977eef579acbda7fc50 |