Analysis Overview
SHA256
426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4
Threat Level: Known bad
The file 426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:28
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:28
Reported
2024-04-07 20:30
Platform
win7-20240221-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:28
Reported
2024-04-07 20:30
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"
C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"
C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"
C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe
"C:\Users\Admin\AppData\Local\Temp\426926d985d5b22b2916d8344257108460d5a83672f3bbecd3b55c5877496ee4.exe"
Network
Files
memory/2280-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african fucking trambling girls 40+ (Samantha).mpeg.exe
| MD5 | 92dfba0c112e45df1ce9c2678249337f |
| SHA1 | aee3e67e63278ee5f65db861c170cfe0e614a1e8 |
| SHA256 | 3a776e9b4edd824b12a67a19db8cfeb5d9dbb505a0ecee447da12f2c28f9c2de |
| SHA512 | e9df68870488e528b95722469fa5486463d247c5cf752d76f5081ca9dcd288170f9c76ad6a0f3135a4352895e640e2fee62633714439531d24d5b731afccc830 |