Analysis Overview
SHA256
246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7
Threat Level: Known bad
The file 246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:25
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:25
Reported
2024-04-07 19:27
Platform
win7-20240221-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe
"C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:25
Reported
2024-04-07 19:27
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe
"C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe"
C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe
"C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe"
C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe
"C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe"
C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe
"C:\Users\Admin\AppData\Local\Temp\246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie voyeur feet balls .mpg.exe
| MD5 | b7932c5670111fb4ec6921c0d66e5a80 |
| SHA1 | b1beda92b4a5723dd06dd9e4ea95d654c993d819 |
| SHA256 | e9910186cd9d4e0cfe9eb8aa8cd48f02427d54abcf63609214ddfc44e9eb8df6 |
| SHA512 | 36b5966f5b8d773c62eede86cb2af86316a4f8f6da0ab5a697c161f79b5c5ce4c7b0491297c8f717bc26b6322c3eb156740a6995821e8ec0f6d6d63e161b5d49 |