Analysis Overview
SHA256
0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5
Threat Level: Known bad
The file 0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 18:41
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 18:41
Reported
2024-04-03 18:43
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe
"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"
Network
Files
memory/4972-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese porn catfight .rar.exe
| MD5 | fa368aaf12af38affc1c370537e10d44 |
| SHA1 | fd18c1988da4d1e7fa0959a084e6dae664189590 |
| SHA256 | 1543cc927894d41c968376231be739233c1e202962a8a3a4fb591c3936fb3958 |
| SHA512 | c7cf1e7cf1074eb3c5395a1e775ebc3b5413261c855126c12e054b0326843df201775ca782c940382db1f4b237e0e3db5f3fc02346b9e98d17a8758655535be9 |
memory/2168-74-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4792-170-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2924-172-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4972-198-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2168-201-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4792-202-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2924-204-0x0000000000400000-0x0000000000420000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 18:41
Reported
2024-04-03 18:43
Platform
win7-20240221-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe
"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"
C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe
"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"
C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe
"C:\Users\Admin\AppData\Local\Temp\0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5.exe"
Network
Files
memory/848-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\indian cumshot sperm masturbation (Melissa).avi.exe
| MD5 | cbae8d6f810ae5dd55e277ca9535e70b |
| SHA1 | f3d056b3e4ed3f6688775fd9c446a37c861936b0 |
| SHA256 | 2bb8d3505a0952ee88ccb22d654d38fd58506dd99dab872f4abba2fe881e5fb9 |
| SHA512 | 9f69fcefcaed174cc74ff79c409adfefd2b9efda19649e6f835d412d80d84a1c6e174c8f3bf3e48fd2b64089d255015a3322e8ea9953afecd2080d7bbbd217f2 |
memory/2728-8-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2528-55-0x0000000000400000-0x0000000000420000-memory.dmp
memory/848-94-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2728-98-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2728-99-0x00000000045C0000-0x00000000045E0000-memory.dmp
memory/2528-100-0x0000000000400000-0x0000000000420000-memory.dmp