Analysis Overview
SHA256
20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b
Threat Level: Known bad
The file 20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:20
Signatures
UPX dump on OEP (original entry point)
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:19
Reported
2024-04-03 19:22
Platform
win7-20240221-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe
"C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:19
Reported
2024-04-03 19:22
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe
"C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe"
C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe
"C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe"
C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe
"C:\Users\Admin\AppData\Local\Temp\20becae7e56f7ff390ef06a07762528dd0251c98fb9f368e4aef42228079894b.exe"
Network
Files
memory/3160-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\handjob licking swallow .mpeg.exe
| MD5 | 7da2e26ff2ae70eb8ca6b2541d47603a |
| SHA1 | 26c72634af55d12f9887ef57c704c7f074109de3 |
| SHA256 | 7f115586b1c251dfb82379c3c64308265fd1d8557c69769d6ba48ba7a99ec639 |
| SHA512 | 60faf4a3555fda06d394104d7d3d521d3260f267e9aa69e6bddf56742e1ddc662dfbf5f5abd890747a23c1d1e9cd60114ac3ffe71fe4840dd6512487d3712eb3 |