Analysis Overview
SHA256
24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9
Threat Level: Known bad
The file 24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:26
Signatures
UPX dump on OEP (original entry point)
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:26
Reported
2024-04-07 19:28
Platform
win7-20231129-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\FxsTmp\porn girls .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\action sperm uncut .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\brasilian gay [free] bedroom .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish hardcore horse [bangbus] hairy (Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\beastiality hot (!) nipples pregnant (Ashley).mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\beast handjob catfight pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\cum trambling several models mistress .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\tyrkish lingerie fetish lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\chinese gang bang sperm voyeur hole shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking catfight (Sandy).zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\brasilian blowjob lesbian voyeur balls .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lesbian action hot (!) shower (Sonja,Britney).zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\asian gang bang several models swallow (Anniston,Britney).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\action cum girls beautyfull (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\asian handjob public nipples wifey .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish xxx xxx masturbation .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian fetish lesbian redhair (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\xxx [bangbus] bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\xxx horse catfight (Curtney,Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\kicking [milf] upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\japanese gang bang lesbian [bangbus] (Janette,Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\canadian nude horse lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\asian cumshot cumshot public high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\porn masturbation mature .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american beast nude uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Downloaded Program Files\beast trambling catfight legs circumcision .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\tyrkish blowjob fucking [free] girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\african fucking horse masturbation boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian kicking [free] mature (Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\malaysia sperm handjob uncut .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\indian kicking kicking several models boobs .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\african lingerie public .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\lingerie full movie (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\japanese kicking big ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\PLA\Templates\chinese blowjob porn licking .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fetish cumshot girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\cumshot animal girls glans latex .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\xxx licking (Samantha,Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\beast handjob sleeping (Ashley,Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\malaysia gay trambling sleeping vagina fishy (Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\security\templates\african cum bukkake [milf] fishy .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\beast several models beautyfull .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\norwegian kicking porn full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\kicking nude licking hole gorgeoushorny .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\asian handjob horse [milf] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\canadian fetish [milf] feet gorgeoushorny (Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\lesbian sperm voyeur (Melissa,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\african cumshot animal sleeping .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\italian cum licking boots (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\handjob action sleeping titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\hardcore handjob several models (Melissa,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\lingerie horse public glans (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\tyrkish xxx full movie sm .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\beastiality lesbian [bangbus] ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\norwegian porn beast hot (!) latex (Gina,Anniston).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\gay gay voyeur balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\assembly\temp\french beastiality uncut circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\chinese trambling [free] YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\danish lesbian beast [bangbus] blondie .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\handjob animal hot (!) nipples lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\norwegian cum hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\african beast cum full movie legs latex .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\nude hot (!) feet (Liz,Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\norwegian hardcore animal catfight vagina traffic (Janette,Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\russian gang bang handjob lesbian bondage (Sandy,Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\gay cumshot big (Gina,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\gang bang action masturbation bedroom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\tyrkish nude gang bang [free] young .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\brasilian handjob blowjob lesbian lady .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\hardcore licking granny .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\russian blowjob big stockings .zip.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\gang bang uncut pregnant (Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\hardcore girls young .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\british fucking lesbian cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\gay big feet (Gina).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\action lingerie voyeur (Melissa,Ashley).avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\blowjob [free] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\animal public penetration (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\canadian sperm sleeping femdom (Melissa,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\italian nude masturbation vagina ejaculation (Tatjana,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\italian gay sperm uncut .avi.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\fetish horse public traffic .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\cum lesbian [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\porn sleeping hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\spanish kicking catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\german gang bang lesbian mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\horse lesbian girls feet upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\japanese kicking licking hole young .mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\trambling girls wifey (Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
"C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe"
C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
"C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe"
C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
"C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe"
Network
Files
memory/912-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\porn masturbation mature .zip.exe
| MD5 | 419f9c7196cdad01d73fb052a3a23c3b |
| SHA1 | 3fcb8ec664baf6f91b5b3c01c77dbe917897a143 |
| SHA256 | e23466d76e7ed65ed60d5281d3c1a538f65fc4db2b316d8d5f86765f3559837f |
| SHA512 | f86468f2fe399ad8dbf5dfdfa886fb7fb3a0f960268abf18d55af9819eca633367a6da108ba5c9ddb4e30bd426eca5aa83857a3e025c62acab0a7182a442c2fe |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:26
Reported
2024-04-07 19:28
Platform
win10v2004-20240226-en
Max time kernel
160s
Max time network
157s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe
"C:\Users\Admin\AppData\Local\Temp\24bdb0309390e68f7beed1d333369ff9fded2c0d6b8092fb5a81459b0242efc9.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\norwegian handjob voyeur pregnant .zip.exe
| MD5 | 8ba1b535041231c3dde2ade1858e4d33 |
| SHA1 | 581179bf5afc0eec424f8018bc8e84cef0bbcfc9 |
| SHA256 | db26d3506440ffcea2918798a3479bd5d54299c6b4af08361a7ff32b6e0fe3e2 |
| SHA512 | a5777d43c75f60052101999ac1d797b97328f32d436e9dc3b50b032ec526012dc1f25f51b0b0852d3999beeed15069dd1806254bcb5688f8894c12985c0a82c3 |