Analysis Overview
SHA256: 055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00
Threat Level: Known bad
The file 055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-07 18:15
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-07 18:15
Reported: 2024-04-07 18:18
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 154s
Command Line
Signatures
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"
C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"
C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\xxx girls titts .zip.exe
| MD5 | 167852c0c369cf2bde5b19757a00e8de |
| SHA1 | 6592aca08accbb1c1ec6cf70f4855f7767af8153 |
| SHA256 | 48ef67d0e875796e248758413d9be39a6ead9cfbaf48e3f2fb78dad84eb3a138 |
| SHA512 | 55d723a9c36219535d17f6bad14703acb33e2f5a81559d5f2d49ba0124c2211cc2e4a1486dabef01be3ad4293d4c71d6633ab86e42a7d3da24b6faed903de50a |
C:\debug.txt
| MD5 | 08b76d76a6f50d3e2a7ceacc3650973a |
| SHA1 | 263cecf2a8327097d8343e6699acfb480011942d |
| SHA256 | e9913b7d57a125fc1e8291347af09eaf2258dba1d2cac07dd77a94ac025a2fa8 |
| SHA512 | 39b7af5c550af8cad607a6160f9c3db1fbff417addd861c923d5ddd54fd371bfa9db4330e7ed35ef0e0b198443082535fac76f571d90a0037342d6cf992825e6 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-07 18:15
Reported: 2024-04-07 18:18
Platform: win10v2004-20240226-en
Max time kernel: 151s
Max time network: 158s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"
C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"
C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"
C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe
"C:\Users\Admin\AppData\Local\Temp\055fcee5da21b706ba614631a272d00418c53699bdacf19a8df0e41dc5159b00.exe"
Network
Files