Analysis Overview
SHA256
8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c
Threat Level: Known bad
The file 8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:19
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:19
Reported
2024-04-07 23:22
Platform
win7-20240319-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"
C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"
C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"
C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"
Network
Files
memory/1068-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\swedish kicking sperm sleeping 40+ .rar.exe
| MD5 | 7b6597cb2fc673dc109add7f5154d58b |
| SHA1 | 673c09d644bcb965ff6aa56ecf6fbce9ccad4742 |
| SHA256 | b3b2aa8ffe5fb3ba37b0f5010b76834a41801079635136cc308db9734ba86090 |
| SHA512 | ac6982886de4a168ca6aaf8150d81f245dfb62d8bd280d328fc6421a50ea5f823923f3fe958adfd165cf2dd4427c6d68d3e50991fa5128fe021ebacb0753a41b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:19
Reported
2024-04-07 23:22
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
156s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=776 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish cumshot lesbian hidden hole fishy (Janette).avi.exe
| MD5 | 56b6407fecd88f164cb93a2513a84db4 |
| SHA1 | 280b6aaf70fba1840eab53aa5da48439ba7770a3 |
| SHA256 | 9d33bb3480b37963e4692cfae152afe88670288d15575aab4bf4b4abc7298042 |
| SHA512 | e32850c31e8fe5ee8f91b6893af2889cccadca83e55d91c01dfb5eb96f493e732f4debae55e7c99a6ad7e2a42221f0f46a8c1377570d94889d9951ff540a2704 |