Analysis Overview
SHA256
998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4
Threat Level: Known bad
The file 998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:42
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:42
Reported
2024-04-07 23:45
Platform
win7-20240221-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"
Network
Files
memory/1624-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\action sperm several models hole .mpeg.exe
| MD5 | 15eb796b4e6a5f946b45f13bedec82b2 |
| SHA1 | fa2f1b878a506f2f0429c1b8c2d3f89a16a40aa7 |
| SHA256 | 0b60f365788ff81119793f486704b175a91a9c37ca331d9ac3c706cee305d107 |
| SHA512 | 7acc020b2484623b7388e5e5652bb11207b4230dd59ecd3eeb950a26111295181c4ed0d9d8be0c1f09fec4c34f9ed4d42edf0ae003eff31f43874b017a0af30f |
C:\debug.txt
| MD5 | 02b0b2842d0469b373d90bf3bb7387ec |
| SHA1 | 81d789d689ae5dc77cf5bde77585cb4c90f57b9b |
| SHA256 | 7bd0bd62704a40e24dcd8af31ec3d2c186079920965d4de126dc1313473cf0d7 |
| SHA512 | c77e3da42dea2cfe8becf7ebd97bb4a38b9bb335262bc884119c5682b71b6768b40f08dcf410b9f8a51f1b9d0669a7f17f8d70637052801dbedcdea473379088 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:42
Reported
2024-04-07 23:45
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"
C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"
C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"
C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe
"C:\Users\Admin\AppData\Local\Temp\998c67644f4a053595afc95d9b03fb4ac5c98267735fcd99e535e2f67cec61e4.exe"
Network
Files
memory/1628-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian fetish fucking voyeur feet ash (Sylvia).mpeg.exe
| MD5 | c3b65935f0fa24d4fa12590937d20040 |
| SHA1 | 7e050eadd36fe0f9c5fc7671a4c8c7256474e768 |
| SHA256 | 768197d831b671237d248860c184af856ed247d569d465eb7325dff99a8729d0 |
| SHA512 | 6be8ebd8b0124b3fe4846079249e29d1f476d46cf6877f70946986d24fdbdaa1122c4455af7ec48cbc1431b8d4afe8ff5448dc033f1cd9e2a72d106f56fffd1e |