Analysis Overview
SHA256
21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9
Threat Level: Known bad
The file 21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:23
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:23
Reported
2024-04-03 19:25
Platform
win7-20240220-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe
"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:23
Reported
2024-04-03 19:25
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe
"C:\Users\Admin\AppData\Local\Temp\21edab02c1ad7d249b699ee02a1db46ddbec44793d8016b14a21eb9a4c9ae9b9.exe"
Network
Files
memory/316-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking lesbian .mpeg.exe
| MD5 | 190258d7ec4b5659db7024ca4d54bea7 |
| SHA1 | e909655b7328d7238fb92ccd407fa303edbe4ed4 |
| SHA256 | 630b302af5692eaf1edf15b38f25ca2d2d9373a3e72fe93026968329412df2b4 |
| SHA512 | bfe2662244c6bac7f9558846c4be023c214384967a1206e8af9fcbeb31d0d58df318c23694703cfefa840413c52c6d6065b9f91414b287d13163ff90c68259f5 |