Analysis Overview
SHA256
8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3
Threat Level: Known bad
The file 8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:12
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:12
Reported
2024-04-07 23:15
Platform
win7-20240221-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:12
Reported
2024-04-07 23:15
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black action xxx masturbation cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\tyrkish animal gay [milf] fishy (Sonja,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\fucking [milf] feet ¼ë (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\bukkake masturbation titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fucking catfight glans .avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian horse lesbian full movie femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\horse lingerie masturbation leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\lingerie voyeur hole blondie .avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx [free] (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\african gay girls hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\horse [bangbus] (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\xxx hidden (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Temp\hardcore sleeping feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\dotnet\shared\indian kicking fucking catfight .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob full movie .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\black fetish lesbian licking feet young (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse lesbian .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\french fucking licking boots .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish horse xxx catfight feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\hardcore full movie pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian cumshot bukkake licking .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\swedish action horse hot (!) (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\blowjob [free] (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast voyeur hole blondie (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black beastiality gay several models feet (Anniston,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\black kicking horse uncut (Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\brasilian cumshot sperm several models hole (Anniston,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish horse gay [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\italian horse gay public glans gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\fucking girls hole balls (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\american nude beast public .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\swedish cumshot lesbian catfight gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\french blowjob masturbation titts 50+ .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\trambling [free] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\tyrkish gang bang trambling [free] (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\british beast full movie hole latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\norwegian horse several models glans sm (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\african lesbian hot (!) feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\nude lesbian sleeping cock young .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\hardcore [free] femdom (Kathrin,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\spanish horse full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\blowjob full movie circumcision (Anniston,Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\handjob horse licking .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lesbian full movie glans latex .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\swedish nude horse big bedroom .avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\british xxx public circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\asian hardcore [free] hairy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian fetish blowjob licking .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\malaysia lingerie uncut titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\malaysia hardcore big cock sm .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\spanish lingerie [milf] feet bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\gang bang hardcore [bangbus] cock (Jenna,Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\german beast uncut (Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\italian kicking fucking several models (Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\indian gang bang hardcore [bangbus] glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\beastiality trambling several models (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\horse trambling [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\italian kicking hardcore full movie hole YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\porn horse public titts bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\black nude trambling big 50+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\brasilian kicking fucking masturbation penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\horse xxx hidden .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\sperm lesbian cock upskirt (Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\spanish horse hot (!) pregnant .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\porn hardcore uncut titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\malaysia hardcore hidden feet shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\beast uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\black animal horse voyeur young (Kathrin,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\american beastiality sperm uncut titts swallow .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\cumshot sperm catfight young .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\american fetish lingerie hidden feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\spanish gay hidden glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\handjob blowjob catfight beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\asian beast hot (!) titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\swedish animal lesbian hot (!) (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\danish beastiality horse [free] penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\cum bukkake voyeur granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\asian beast [free] hairy (Kathrin,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian gang bang trambling sleeping titts (Christine,Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\black handjob lesbian masturbation (Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\russian animal blowjob licking fishy (Gina,Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\gang bang gay [bangbus] hole balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american horse fucking [milf] feet (Sonja,Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beast catfight (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\cum lesbian masturbation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\german xxx big girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\norwegian bukkake [free] wifey (Sandy,Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\gang bang lesbian [free] glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\asian trambling [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\blowjob licking .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\canadian bukkake several models (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\cum sperm uncut hotel .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\canadian trambling masturbation titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\spanish fucking [milf] glans stockings (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\chinese blowjob uncut stockings (Sonja,Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"
C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"
C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"
C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"
Network
| US | 8.8.8.8:53 | udp |
Files
memory/628-0-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish horse gay [bangbus] .mpg.exe
| MD5 | 5239bc665b0756b1e1df036a5f0a09ad |
| SHA1 | b5818c76aade9049f5ecaf05384c0da3da38f3a6 |
| SHA256 | e4885ad52f528300050ba05d477d6b372b4d31cd74d6b12bc6bff1890b9cc697 |
| SHA512 | 994d4f757c153188529d290cdfd57bd2978a96bac81eeda60ac361f83e0bef622650f7e194ef0c980002583186edcf947d64a4d69d8fc407711bb24ac9d5223b |