Analysis Overview
SHA256
8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a
Threat Level: Known bad
The file 8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:07
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:07
Reported
2024-04-07 23:10
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
150s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"
Network
Files
memory/1580-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black horse beast masturbation feet blondie (Curtney).rar.exe
| MD5 | 4fec2951f26b1dbeffce54e3f03c113a |
| SHA1 | 27a682b1576c266f2741bb53574591e3184a4997 |
| SHA256 | 5a39513ec1bc1a6a123b55639f647e6161141be0eaa4fcb02590d0b83ba8414e |
| SHA512 | 81c4ae58fc13417960b179f432388f7fb04a3d8663552c4ff2498cc81b23805a772311fd0dbb829156452102f87c2d8fe2323e3c95eba8510775d7d81649f612 |
memory/3216-35-0x0000000000400000-0x0000000000420000-memory.dmp
memory/220-153-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4776-156-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1580-187-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3216-191-0x0000000000400000-0x0000000000420000-memory.dmp
memory/220-194-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4776-197-0x0000000000400000-0x0000000000420000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:07
Reported
2024-04-07 23:10
Platform
win7-20240221-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(5 identical rows in the report, none carrying a description, indicator, process or target)
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(11 identical rows in the report, none carrying a description, indicator, process or target)
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(11 identical rows in the report, none carrying a description, indicator, process or target)
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\gay handjob [free] boobs leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american action lesbian hot (!) 50+ .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\french handjob fucking voyeur .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\gang bang trambling hidden sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\danish xxx beast full movie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\nude [bangbus] castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\xxx catfight .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\indian horse full movie young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian xxx animal voyeur cock femdom .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\cumshot uncut sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\beast several models titts bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\brasilian fucking [free] feet femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese nude xxx masturbation cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\swedish fucking sleeping (Britney).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\danish cum [milf] feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\german horse horse hidden bedroom (Samantha,Jenna).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\african lesbian several models hole sweet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\british sperm [bangbus] femdom .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\japanese blowjob hot (!) vagina (Gina).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\british cumshot [bangbus] cock YEâPSè& (Sarah,Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\cum voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\brasilian beast big (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\african blowjob [milf] cock swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\canadian cum cumshot big bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish fetish nude masturbation sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish lingerie bukkake licking redhair .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\kicking big black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\chinese animal licking vagina .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\action action big .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\bukkake catfight .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\canadian fucking animal masturbation legs boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\african porn animal hot (!) .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\norwegian gay several models nipples lady .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\indian horse several models blondie (Britney,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\kicking full movie shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\american beastiality voyeur upskirt .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\lingerie beastiality hidden fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian fetish voyeur lady (Tatjana,Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\american bukkake sperm sleeping vagina (Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\norwegian animal sleeping ash castration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\hardcore xxx several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\italian porn porn voyeur ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\fetish xxx licking vagina .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\PLA\Templates\chinese cum masturbation shower .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black bukkake kicking girls vagina bedroom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\tyrkish cumshot big .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\malaysia xxx hot (!) .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\french gang bang action masturbation bedroom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black beast public (Christine,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\porn xxx [milf] blondie .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\french nude handjob public circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\japanese lesbian cum masturbation (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\swedish lingerie voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\action hot (!) legs redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\canadian gay [bangbus] boobs .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\blowjob fetish [bangbus] castration .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\assembly\temp\black animal animal [bangbus] YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\german kicking full movie upskirt (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\xxx beastiality sleeping gorgeoushorny (Ashley,Britney).avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\Temp\japanese cumshot nude big .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\swedish trambling [free] sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\danish fucking lesbian girls bondage (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\horse horse girls (Sandy,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\german cum lingerie full movie (Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\american hardcore big 50+ (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\brasilian horse horse full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\russian hardcore masturbation legs (Samantha,Anniston).avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\british cum hidden .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish horse lesbian masturbation .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\animal action catfight hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\gay hardcore big femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\swedish beast several models boots .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian cum [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\kicking action several models femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\lesbian trambling lesbian ìï .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\hardcore gay lesbian .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\african porn masturbation femdom (Ashley).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\african beast kicking girls bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\gay lesbian [bangbus] girly (Sonja,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\italian gay [bangbus] (Sarah,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\blowjob licking vagina (Britney,Anniston).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\security\templates\norwegian trambling gang bang big (Sandy,Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\cumshot big leather .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\british blowjob licking bedroom (Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\horse sperm several models 40+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black beast full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\tyrkish beastiality several models girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\tyrkish lesbian catfight (Sandy,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
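The persistence and file-drop rows above fit together: the dropper, running from the user's %TEMP% directory, writes C:\Windows\mssrv.exe, registers it under the Wow6432Node Run key as "mssrv32" (a 32-bit process writing HKLM on 64-bit Windows), and scatters executables with media/archive double extensions (.rar.exe, .mpg.exe, .avi.exe, .zip.exe) into template, shared, temp and download folders under Windows and Program Files. The script below is an added example, not part of the sandbox report or its tooling: it parses rows in the report's table format, extracts Run-key writes, correlates the Run value's image path against the "File created" rows, and counts double-extension and system-location drops. SAMPLE is the submitted file's path as the report gives it; ROWS is a constructed subset of the report's own rows so the script runs offline.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Added example, not tria.ge code. SAMPLE is the submitted file's reported path;
# ROWS is a constructed subset of the report's "Set value" / "File created" rows.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe")

ROWS = "\n".join([
    "| Description | Indicator | Process | Target |",
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | ' + SAMPLE + " | N/A |",
    r"| File created | C:\Windows\mssrv.exe | " + SAMPLE + " | N/A |",
    r"| File created | C:\Windows\System32\LogFiles\Fax\Incoming\xxx catfight .rar.exe | " + SAMPLE + " | N/A |",
    r"| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\action action big .mpg.exe | " + SAMPLE + " | N/A |",
    r"| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\kicking full movie shower .avi.exe | " + SAMPLE + " | N/A |",
    r"| File created | C:\Program Files (x86)\Google\Update\Download\brasilian beast big (Jade).zip.exe | " + SAMPLE + " | N/A |",
    r"| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\horse horse girls (Sandy,Tatjana).rar.exe | " + SAMPLE + " | N/A |",
])

# The report prints the Run value as  <key>\<name> = "<image>"  with escaped backslashes.
RUN_VALUE_RE = re.compile(r'\\CurrentVersion\\Run\\(?P<name>[^=]+?)\s*=\s*"(?P<image>[^"]*)"$')
DOUBLE_EXT_RE = re.compile(r"\.(rar|zip|avi|mpe?g)\.exe$", re.IGNORECASE)
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_rows(text):
    """Return (description, indicator, process, target) tuples from report table rows."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Description":
            rows.append(tuple(cells))
    return rows


def run_key_entries(rows):
    """(value name, image path) for every Run-key write, with the report's escaping undone."""
    out = []
    for desc, indicator, _process, _target in rows:
        m = RUN_VALUE_RE.search(indicator)
        if desc.startswith("Set value") and m:
            out.append((m.group("name").strip(), m.group("image").replace("\\\\", "\\")))
    return out


def dropped_files(rows):
    return [indicator for desc, indicator, _p, _t in rows if desc == "File created"]


def triage(text):
    """Correlate persistence with drops and summarise where and what was written."""
    rows = parse_rows(text)
    drops = dropped_files(rows)
    dropped_lower = {d.lower() for d in drops}
    runs = run_key_entries(rows)
    double_ext = [d for d in drops if DOUBLE_EXT_RE.search(d)]
    system_drops = [d for d in drops if d.lower().startswith(SYSTEM_ROOTS)]
    from_temp = all("\\appdata\\local\\temp\\" in p.lower() for _d, _i, p, _t in rows)

    flags = []
    for name, image in runs:
        if image.lower() in dropped_lower:
            flags.append(f"Run value '{name}' points at a file the sample dropped: {image}")
    if double_ext:
        flags.append(f"{len(double_ext)} of {len(drops)} dropped executables carry a media/archive double extension")
    if system_drops and from_temp:
        flags.append(f"{len(system_drops)} files written under Windows/Program Files by a process running from %TEMP%")

    return {
        "run_entries": runs,
        "drops": len(drops),
        "double_extension": len(double_ext),
        "system_location": len(system_drops),
        "top_dirs": Counter(str(PureWindowsPath(d).parent) for d in drops).most_common(3),
        "flags": flags,
    }


if __name__ == "__main__":
    for flag in triage(ROWS)["flags"]:
        print("-", flag)
```

The Run-value correlation is the check worth keeping: a Run entry whose image is a file the same process just created, outside any installer context, is a stronger signal than either row on its own. Note that the report gives no hash for mssrv.exe, so whether it is a byte-identical copy of the sample is not established here.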
Processes
C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"
C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"
C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"
C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 44.31.194.197.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.55.18.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.149.123.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.245.9.11.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.190.48.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.168.238.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.179.6.243.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.229.55.97.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.223.149.249.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.52.52.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.75.235.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.62.141.22.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.21.194.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.215.42.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.131.131.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.94.221.219.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.90.214.42.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.77.94.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.177.236.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.158.198.53.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.134.109.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.74.174.65.in-addr.arpa | udp |
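Both Network tables (the behavioral2 table earlier on this page and the behavioral1 table just above) contain nothing but PTR queries, sent to 8.8.8.8:53 over UDP, for IPv4 addresses spread across unrelated prefixes, with no forward (A/AAAA) lookups at all. That is the signature of a randomised target selector doing reverse lookups before it connects; the report does not show what the sample does with the answers, so nothing beyond the scanning pattern is claimed here. The script below is an added example, not part of the report: it converts the in-addr.arpa names back to addresses, counts how many distinct /16 prefixes they span and how many are unroutable (private, multicast or reserved, which a legitimate resolver client would not ask about), and applies a simple reverse-scan heuristic. SAMPLE_ROWS is a constructed subset of rows from both tables; BENIGN_ROWS is constructed contrast data with the thresholds chosen here as assumptions.

```python
import ipaddress
import re
from collections import Counter

# Added example, not tria.ge code. SAMPLE_ROWS copies a few rows from the two
# Network tables; BENIGN_ROWS is constructed contrast data.
SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 44.31.194.197.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.55.18.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.149.123.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.245.9.11.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.118.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.198.62.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.48.174.113.in-addr.arpa | udp |
"""

BENIGN_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.example.com | udp |
| US | 8.8.8.8:53 | update.example.net | udp |
| US | 8.8.8.8:53 | 5.0.0.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.0.0.10.in-addr.arpa | udp |
"""

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE)


def parse_queries(text):
    """Return (resolver, qname, proto) from rows in the report's Network table format."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Country":
            out.append((cells[1], cells[2], cells[3]))
    return out


def ptr_to_ip(qname):
    """a.b.c.d.in-addr.arpa -> IPv4Address d.c.b.a, or None for anything else."""
    m = PTR_RE.match(qname)
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(m.groups()[::-1]))
    except ipaddress.AddressValueError:   # octet > 255
        return None


def summarize(text):
    targets, forward, resolvers = [], 0, Counter()
    for resolver, qname, _proto in parse_queries(text):
        resolvers[resolver] += 1
        ip = ptr_to_ip(qname)
        if ip is None:
            forward += 1            # not an IPv4 reverse name: treat as a forward lookup
        else:
            targets.append(ip)
    slash16 = {str(ipaddress.ip_network(f"{ip}/16", strict=False)) for ip in targets}
    unroutable = sum(1 for ip in targets if ip.is_private or ip.is_multicast or ip.is_reserved)
    return {
        "ptr": len(targets),
        "forward": forward,
        "distinct_16": len(slash16),
        "unroutable": unroutable,
        "resolvers": dict(resolvers),
    }


def is_reverse_scan(text, min_ptr=5, min_prefixes=4):
    """Heuristic (thresholds are assumptions): many PTR queries, widely spread, and no forward lookups."""
    s = summarize(text)
    return s["forward"] == 0 and s["ptr"] >= min_ptr and s["distinct_16"] >= min_prefixes


if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS), is_reverse_scan(SAMPLE_ROWS))
    print(summarize(BENIGN_ROWS), is_reverse_scan(BENIGN_ROWS))
```

On the full tables the counts are far higher than in this subset (74 PTR rows in behavioral2, 22 in behavioral1, every one to a different /16), so the heuristic fires comfortably; the unroutable count (one of the eight sample targets decodes to a multicast address) is a cheap extra tell that the addresses are generated rather than taken from real connections. In a resolver or DNS-log pipeline the same logic keys on source host rather than on a report, and the thresholds should be tuned against your own baseline of PTR volume.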
Files
memory/2456-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\canadian cum cumshot big bondage .rar.exe
| MD5 | 4b89b6f640005d0edbbc1cb03d6cc0da |
| SHA1 | 1a7904b8e78a61d2e46a0931d58bcdf5196d48ca |
| SHA256 | 5562e3940d01f2151122054a9a44bfaeb3cf71cc616b73e209e45d34fe6732c9 |
| SHA512 | 787ff9baa50df93ffcdd83fd937698d9c08ca2b80d844a71b30455d65fea204d20024c917f9d4ee3efc9cfc0110f9654f9f847141ab951f684b4f7cdba5c71f8 |
memory/2456-14-0x0000000004A60000-0x0000000004A80000-memory.dmp
memory/2576-15-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2576-53-0x0000000004A40000-0x0000000004A60000-memory.dmp
memory/2388-54-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2456-56-0x00000000050C0000-0x00000000050E0000-memory.dmp
memory/2456-92-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2456-94-0x0000000004A60000-0x0000000004A80000-memory.dmp
memory/2576-95-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2576-97-0x0000000004A40000-0x0000000004A60000-memory.dmp
memory/2388-98-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2456-99-0x00000000050C0000-0x00000000050E0000-memory.dmp
memory/2496-103-0x0000000000400000-0x0000000000420000-memory.dmp
C:\debug.txt
| MD5 | 2a6e668b6bd0d25c0a3b429ba53102e3 |
| SHA1 | 2e4411006e20fad6ba897ec18732dc5345f419bf |
| SHA256 | fb356dd27824b102c4dcaecc407a5b23764396b56b5e26ed25318654b67a6d24 |
| SHA512 | d4a500177fe3804482cca863cb43a5853773c974b73d4853ea51695b89b87ee19b29cc94df4893581e8fa942b77bc4aecc63d594dce621a720d276e93e4c643a |