Analysis Overview
SHA256
2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a
Threat Level: Known bad
The file 2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 19:49
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 19:49
Reported
2024-04-07 19:51
Platform
win7-20240319-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe
"C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe"
C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe
"C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe"
C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe
"C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\american handjob fucking hidden cock .avi.exe
| MD5 | e27dfeb16260da7f24632bde0858ae20 |
| SHA1 | 434004a0e075eeb1f44e49d8dc1910248adf3a4d |
| SHA256 | 37d0bb883c9c5a6367513ec7b44482cdfb35b2ebfac21b368edaaf59c3de7a11 |
| SHA512 | d6ad99ff9c627d6875667ac61050a748df6345a5bfd09902616623a0b71b9815ad5ddfde7c5dc195d422cd451b724a7a3b033b689273a723c5a643bb118dea9e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 19:49
Reported
2024-04-07 19:52
Platform
win10v2004-20240226-en
Max time kernel
161s
Max time network
175s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe
"C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe"
C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe
"C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe"
C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe
"C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe"
C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe
"C:\Users\Admin\AppData\Local\Temp\2ee5b6ef052ef91e4270fd880574a49a87eed7a65a4a121429d29279622f242a.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2260,i,9938964625802268469,1928462186077019554,262144 --variations-seed-version /prefetch:8
Network
Files
memory/4024-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay lesbian hole .avi.exe
| MD5 | 881277c33dc69f8b227ee1595d669042 |
| SHA1 | 6726ca39c36d4bd351e550e93b749c8e1d3edf89 |
| SHA256 | 9513943dd590585f8f9b3d70c076949be7714f51dda03dab8da0d7447e14c4c7 |
| SHA512 | 41d2af6e30bd7d3da7b03df7d1349c6c05515c99d41f82a22239b1a5ac30f382069aff4f3c01dc283b27348a746a16487473796e405894ecaa878fa0d9ff7409 |
C:\debug.txt
| MD5 | 22de839b01ab1a878cc7d5ec8b3ad5a7 |
| SHA1 | 6c59d726dc67ee41cf6066bb6659db06281adf01 |
| SHA256 | c800b9e4b835129e14cc0432578320dc97b21ad5d98d05435f19b6a930f99451 |
| SHA512 | 8def94f94d3816c0084ee3400c033c3e9ab13e1047b40aae7af576eb67bb1ce7b39152a39f0bb4849e132637191c37fd63be724f6cf1ae643855bae9b5907724 |