Analysis Overview
SHA256
048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e
Threat Level: Known bad
The file 048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:14
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:14
Reported
2024-04-07 18:16
Platform
win7-20240319-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\IME\shared\malaysia nude [milf] fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\fucking cum girls stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black blowjob masturbation hole (Sonja,Jenna).rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\danish beast animal sleeping vagina (Sylvia,Anniston).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\beast nude hidden cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\fetish xxx several models (Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\beastiality catfight girly (Curtney,Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\horse cumshot full movie titts redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\lesbian porn catfight high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\british hardcore blowjob licking stockings (Christine,Christine).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\Microsoft Shared\french lingerie hardcore [free] fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\nude fucking [free] (Sandy,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian nude beast voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\american horse horse voyeur (Samantha,Ashley).rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\danish blowjob sleeping .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian porn sleeping ash castration (Ashley,Anniston).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian gay gay lesbian stockings (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\porn sperm [milf] YEâPSè& (Britney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\russian nude cumshot voyeur bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\italian trambling [bangbus] swallow .rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\gay sleeping swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\brasilian horse sperm [free] cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\xxx gang bang girls (Kathrin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\brasilian horse trambling sleeping redhair (Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\tyrkish porn uncut .rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\spanish action animal voyeur vagina (Melissa,Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\british lingerie voyeur high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\spanish kicking hardcore girls femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\cum cum licking .rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\gay public femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\nude hardcore [bangbus] (Liz,Sonja).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\tmp\japanese cumshot blowjob [free] shower (Sarah,Jenna).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\german handjob masturbation nipples hotel .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\german lingerie sperm hidden bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\porn several models (Karin,Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\beast hardcore big (Melissa,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\porn gang bang masturbation feet stockings .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\british porn big ejaculation (Karin,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\african trambling voyeur cock (Tatjana,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\trambling lingerie hot (!) ash mistress (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\russian fucking voyeur sweet .rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\beastiality action [bangbus] gorgeoushorny (Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\action lesbian ash (Ashley,Kathrin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\cum hidden nipples mistress (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\fetish cum uncut hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\xxx lesbian (Sarah,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\american gay full movie pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\japanese beast hot (!) swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\german gang bang full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\bukkake public Ôë .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\lingerie big redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\japanese beast several models sweet (Liz,Kathrin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\beast sleeping blondie (Kathrin,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\african sperm action full movie .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian action hidden sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\malaysia gay blowjob voyeur cock redhair .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\spanish cumshot masturbation glans leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\bukkake uncut bondage .mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\xxx several models (Sandy).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\action masturbation balls (Sarah,Jenna).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\horse uncut (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\norwegian cumshot sleeping hotel .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\japanese cum fetish public legs leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\african kicking lesbian .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\canadian bukkake beastiality full movie titts ìï .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\british fetish full movie cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\spanish cum horse public lady .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\chinese bukkake [milf] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian lesbian public boobs ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\tyrkish lingerie girls girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\cum horse hot (!) (Samantha,Anniston).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\swedish fucking beastiality [bangbus] (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\trambling uncut YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\african horse kicking full movie (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\black beastiality fetish hidden titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\british bukkake public .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fetish licking boobs hairy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\hardcore animal [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\beast girls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\german horse kicking masturbation (Samantha,Christine).avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\horse public (Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\fucking gang bang uncut (Kathrin,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\lesbian full movie .zip.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\beast gang bang full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\brasilian horse nude voyeur pregnant (Britney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\german gay masturbation swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\swedish porn voyeur .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\german beastiality nude [free] (Jenna,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\spanish cumshot hidden ash bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"
C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"
C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"
C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"
Network
Files
memory/1068-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\russian nude cumshot voyeur bondage .zip.exe
| MD5 | b8995611a7dda64d23465daeac22db8a |
| SHA1 | 80ec4391be1f4e36839c9a0c863871f11252b1de |
| SHA256 | a63d8385bf3e57919fbff19d2ba4e43461f63915b798bd135878deaab4920cfb |
| SHA512 | 9dee4ce7d58d939ad13fb0174a16e8f8391628a7d17a924a2e1b7d744c99814e4c722c7c31cee36d86b7f8dd99501a54ab166e86e2e66ffbd2d5a3d488cbd6c1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:14
Reported
2024-04-07 18:16
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"
C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"
C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"
C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe
"C:\Users\Admin\AppData\Local\Temp\048cefb7f5c15b377702cbb76bcfa6aa1c1223792f127e82d7a4f6715bfdfa8e.exe"
Network
Files
memory/4260-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\hardcore lesbian (Jade).mpg.exe
| MD5 | a9b5aae0e05b4bf14045564fa7169cc4 |
| SHA1 | 3fb2c15989a1a7dca89db3cf81c6a2df1e4c7d59 |
| SHA256 | 8dcebe7c7d277bb4e1d21a99a740b230bc1382be230692d6a866f7fdb7fb602f |
| SHA512 | cde422fdc0c080c0e00ddc7585f783c81ccb69a4bd21b9f5fbb3f2b077f93fda564c337453d972fb1341c45e6b893915f456a6b7e3605bea78a03c3abc2fa741 |