Analysis Overview
SHA256
06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933
Threat Level: Known bad
The file 06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:19
Signatures
UPX dump on OEP (original entry point)
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:19
Reported
2024-04-07 18:21
Platform
win7-20240221-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933.exe
"C:\Users\Admin\AppData\Local\Temp\06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:19
Reported
2024-04-07 18:21
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933.exe
"C:\Users\Admin\AppData\Local\Temp\06bc4562cc0ff8934c4fb6c249ee297a1859125d9d04829a6232cc62e4118933.exe"
Network
Files