Analysis Overview
SHA256
8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62
Threat Level: Known bad
The file 8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:18
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:18
Reported
2024-04-07 23:20
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"
Network
Files
memory/2192-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian cumshot uncut ash sweet .rar.exe
| MD5 | 216f26dc8ce1f660053fb257d739c6cc |
| SHA1 | 6fa5cbe4f203d371a181dc67c208933524624b6c |
| SHA256 | fa8d7f0aec3384285c82939d7bfa13e161cb4adf6a1a0a38cd35b208d5cac051 |
| SHA512 | ff7e8746cbcd1067440c4ac6d236fe5c862288539d7db9d5d7e18ee9b4dc8aedb8a00bdb0da3ece60c118b4caafebad2c7adf58c799fd13220bc3eef834ddd3f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:18
Reported
2024-04-07 23:20
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"
C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"
C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"
C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"
Network
Files
memory/1092-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american fetish beast big .avi.exe
| MD5 | b974a907218bc9279603825878bd32cf |
| SHA1 | e9581c7a8defdbc5cbc64a026216a0566254af2c |
| SHA256 | 418b4ea406d0d6856d9dd90d5020056c8df037903a8fee3bdf21ad765bebb4ba |
| SHA512 | 0ceba30caa8f3468340c53d2f408830befc89969d2a30102c41441831881864f34a77a2778912532002fb83d40162933c8f09e33a8faaad24d35378c040c4e77 |