Analysis Overview
SHA256: 249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1
Threat Level: Known bad
The file 249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1 was found to be: Known bad.
Malicious Activity Summary
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-07 19:25
Signatures
Detects executables containing possible sandbox analysis VM usernames
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-07 19:25
Reported: 2024-04-07 19:28
Platform: win7-20240221-en
Max time kernel: 149s
Max time network: 144s
Signatures
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"
C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"
C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\asian fucking xxx public balls .avi.exe
| MD5 | 741d1d9099dc8c36202dd3b5e1308cbd |
| SHA1 | 05a9ffac1021738bfcc8f8c2bd09342153e71512 |
| SHA256 | 6ed8a3827a67faa95c2fde09b845fa71f2a353c3ac1e2efdc7cabb0980d1ce12 |
| SHA512 | d1a686ea1f72bbcc4d331761be633233a7a1a942d4d596b9b7fa95e9d52e892b6804906d3a203a03d7a7913b0d05c546f835bad5e025a23a4250cc88e96505d6 |
C:\debug.txt
| MD5 | fc1b25acc90daa65f01e4e08a3e07b22 |
| SHA1 | 07398d8339c9fa169ef3edbeb68d7d40fa88f791 |
| SHA256 | c2a29a6be316e922d24821946cb312f7e8c9f32993c4b8be3ef256f7880a6ab7 |
| SHA512 | 4424fd956e969c485efba3175f38e8f4b1ac94c7a913bc302ba073e8de471c978f95c3c8e35c270de9f89a6c609565e45130574ad78f62ba2c2f85a38def5e0f |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-07 19:25
Reported: 2024-04-07 19:28
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 156s
Signatures
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe
"C:\Users\Admin\AppData\Local\Temp\249db0644c747dd9bd92e002e70519e61fc72fd9b37b882fb70461838dfe04c1.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 23.44.234.16:80 | | tcp |
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian fucking masturbation ash shoes .avi.exe
| MD5 | a6eb3622a0a7ae3f281958920c768710 |
| SHA1 | b78e6980d843f7a2f4e506fbebfb4f1a725858ed |
| SHA256 | 82c28577ae11fa76775d787ae6832a88102d18198dce7308bb19967274a393fe |
| SHA512 | d8f68b740b27994208da51ffb6d6271a20c18506434ea98f26bf490de4f5a4724e2f0d5d69e3614e802fe771dae24f175baa5d1278f92ab2d457ce1ee4d38322 |