Analysis Overview
SHA256
2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f
Threat Level: Known bad
The file 2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:48
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:48
Reported
2024-04-07 19:51
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe
"C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe"
C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe
"C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe"
C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe
"C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe"
Network
Files
memory/2684-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\italian handjob xxx licking (Sylvia).avi.exe
| MD5 | c87a39b7e76f1983489cda49216fc809 |
| SHA1 | f613b41c79b7016536e45c9c9f407b0e2d0cd928 |
| SHA256 | 5a36ec1c4f8486b5c5268f1d4f5f466dff167561a039f65f0c8aeced915cf05c |
| SHA512 | 836ee695bcf9a947adb490c8389cecac6b63cd06b1f342e2f82e22b50b90831eb5ade36fcfeb440087f91348a84c603755d9f22849a31ce8d35da867191e1fcb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:48
Reported
2024-04-07 19:51
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe
"C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe"
C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe
"C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe"
C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe
"C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe"
C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe
"C:\Users\Admin\AppData\Local\Temp\2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\african cum action catfight boobs .mpg.exe
| MD5 | 5d739facfb1e44276a657c2768d72f82 |
| SHA1 | eacdcf75be14d659532f4483b562f985f776c18b |
| SHA256 | 9491795689c665ee9276b7c6dbe8db17f07632295fcef9e60f5072b3e60adf79 |
| SHA512 | e52a6f54e15260257c3dc659f858e99495d8e54690c0784c47a5f7830d3a3b911f80f078ce7b89d0c49435dba0ddd4827ca2478632d7afdb19b0af4f1b5597d6 |