Analysis Overview
SHA256
22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09
Threat Level: Known bad
The file 22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:20
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:20
Reported
2024-04-07 19:23
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe
"C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe"
C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe
"C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe"
C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe
"C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe"
Network
Files
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\trambling several models (Karin).mpg.exe
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:20
Reported
2024-04-07 19:23
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
146s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe
"C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe"
C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe
"C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe"
C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe
"C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe"
C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe
"C:\Users\Admin\AppData\Local\Temp\22620887783475107184ef20a540129722ef17873f95cd99852b978dfd2a6d09.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4148 --field-trial-handle=3016,i,1323102786462900035,7687994236215859601,262144 --variations-seed-version /prefetch:8
Network
Files