Analysis Overview
SHA256: 266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864
Threat Level: Known bad
The file 266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-07 19:30
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-07 19:30
Reported: 2024-04-07 19:33
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 159s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"
C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"
C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"
C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"
Network
Files
memory/2488-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\sperm lesbian lesbian upskirt (Sylvia).mpeg.exe
| MD5 | 425bf41d412edfd59d64f5aeedb4bba5 |
| SHA1 | f6c3ee1f2ca875d41d697b18bd94387051241acb |
| SHA256 | bb62fda051c4b97260583392f7479c3410cf79d6031616ff0b9e974d61009e04 |
| SHA512 | 914f5332e6bee78de4f2c78dd50d7b01b1da720126c128c722c12b8785b5a2080b23c490d2e99c7318adb3fad4d4dce15478587a8d1c3dee2a274589e515a155 |
memory/2564-14-0x0000000000400000-0x0000000000429000-memory.dmp
memory/2480-54-0x0000000000400000-0x0000000000429000-memory.dmp
memory/2564-53-0x0000000004910000-0x0000000004939000-memory.dmp
memory/2488-55-0x0000000005240000-0x0000000005269000-memory.dmp
memory/2948-56-0x0000000000400000-0x0000000000429000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-07 19:30
Reported: 2024-04-07 19:33
Platform: win10v2004-20240226-en
Max time kernel: 151s
Max time network: 155s
Command Line
Signatures
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"
C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"
C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"
C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe
"C:\Users\Admin\AppData\Local\Temp\266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864.exe"
Network
Files
memory/3684-0-0x0000000000400000-0x0000000000429000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese action fucking masturbation hotel .zip.exe
| MD5 | 63c0cc9974ecafe692019433da143a4a |
| SHA1 | f23c4dd0ea277e7978eeb5a004fd959bfb018b5a |
| SHA256 | 651a7e3eccbf1d2aab7c2cc42432ed10e35bc349d87c7f4bfaa215766fe178eb |
| SHA512 | 6ca50aa1db4a2a1bb5a9e822e98e338517cbb3ff69af127c37cde67769ae9351c3f682afc8d411400f0abc024e20661d5c064fdee740894db880f4d1ab8e6bfa |
memory/4680-11-0x0000000000400000-0x0000000000429000-memory.dmp
memory/2008-13-0x0000000000400000-0x0000000000429000-memory.dmp
memory/5076-14-0x0000000000400000-0x0000000000429000-memory.dmp