Analysis Overview
SHA256
b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198
Threat Level: Known bad
The file b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:47
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:47
Reported
2024-04-08 00:50
Platform
win7-20240215-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 00:47
Reported
2024-04-08 00:50
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\bukkake girls nipples 50+ (Sarah,Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\chinese trambling licking hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\nude uncut beautyfull .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\nude masturbation YEâPSè& .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\beastiality lesbian hot (!) gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\african sperm beast sleeping (Christine).rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\american lesbian masturbation pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob girls leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\norwegian action gay catfight ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\canadian action hardcore licking ejaculation .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\blowjob gay catfight glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\shared\cumshot handjob hot (!) high heels .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian xxx catfight (Sarah,Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\handjob girls castration .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\nude [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\porn sleeping legs bondage (Sonja,Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\swedish horse cum catfight .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\norwegian trambling cum [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish kicking [bangbus] mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian hardcore voyeur high heels .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\chinese fucking cumshot licking wifey .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\russian nude sleeping ejaculation .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\swedish xxx gay catfight .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\norwegian lesbian trambling several models YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\chinese beastiality trambling [free] nipples (Melissa,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\german porn several models nipples sm .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\asian fetish big .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\sperm cum lesbian titts castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\swedish sperm fucking hot (!) pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\fucking catfight leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\kicking hot (!) lady .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\canadian beastiality fetish [bangbus] boobs (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\french lesbian fucking voyeur ash upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\beast [free] .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\beastiality girls girly .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\lingerie horse lesbian traffic .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\norwegian hardcore several models titts high heels .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\tyrkish beast lesbian 40+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lesbian beast girls legs .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\canadian xxx handjob hot (!) .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\norwegian lesbian lesbian hairy (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\japanese beastiality catfight wifey (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\gay masturbation 50+ (Anniston,Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\sperm catfight swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\british gang bang bukkake catfight titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\porn uncut hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\black horse gang bang catfight titts shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\japanese fetish nude [bangbus] hole young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\malaysia beast lesbian catfight granny (Kathrin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\porn horse big YEâPSè& .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\cum [free] .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\african beastiality handjob several models ash mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\spanish hardcore horse licking redhair (Samantha,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\black cumshot catfight mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\animal [free] (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\bukkake beastiality several models .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\porn [bangbus] castration .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian lesbian hidden ¼ë .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\spanish gay horse girls granny .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\trambling horse [free] titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\danish gay beastiality licking glans hotel .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\chinese fetish blowjob lesbian blondie (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\action cumshot hidden .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\italian bukkake lingerie sleeping shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\trambling handjob licking feet 40+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\blowjob sperm full movie penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\SharedFileCache\black horse voyeur sweet (Karin,Kathrin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\african animal sleeping ash (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\russian action uncut beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\italian fetish voyeur upskirt .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\animal cumshot big sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\malaysia lesbian [free] ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian gay blowjob sleeping nipples black hairunshaved .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\british beastiality several models nipples shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\african horse lesbian stockings .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\chinese gay [milf] ejaculation .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\indian horse hidden girly .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\japanese horse uncut boobs shower .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\malaysia gang bang handjob sleeping .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\kicking [bangbus] blondie .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\brasilian gang bang sleeping glans stockings .avi.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\handjob hot (!) wifey (Kathrin,Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\tyrkish handjob hidden pregnant .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\fucking sperm catfight gorgeoushorny .rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\PLA\Templates\tyrkish sperm bukkake lesbian .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\malaysia fucking cum [milf] sm (Anniston,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\cum gang bang full movie granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\american horse cumshot [bangbus] sm (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\gang bang hardcore voyeur blondie (Sonja).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\american porn blowjob big hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french blowjob sleeping vagina traffic .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\gang bang full movie balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"
C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"
C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"
C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe
"C:\Users\Admin\AppData\Local\Temp\b8fe00794a93db4d1e83f8c9263b23b75f930496b4c9f5a59341562224b1a198.exe"
Network
| Country | Destination | Domain | Proto |
Files
memory/3980-0-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\canadian hardcore voyeur high heels .zip.exe
| MD5 | 01a7632d9994b517820e9c41ed53e6f2 |
| SHA1 | 977fda72a413c1f2c295dec28554de7112a33013 |
| SHA256 | c2b91fc9d47c3066d4432bd4724ab2af314480377248f57d8b1bf74fbedfeb8b |
| SHA512 | 1335e62c61f1ed0a9118d283c46783c4448fcfa17f9126417ec02ddc5d1ba8cfc929595f4c47ac76557a69368388831744b8fced89bd88269965acf4fc14c915 |