Analysis Overview
SHA256
01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa
Threat Level: Known bad
The file 01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 18:07
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 18:07
Reported
2024-04-07 18:09
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe
"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian hidden .rar.exe
| MD5 | 9713eed8539874797b4c6e55afd72cd1 |
| SHA1 | 1eac95aa1b76c34f90df4147c997077996dd731c |
| SHA256 | e28823be6579d86c353b58ede4c445860a09a4091190ae61e5d6dbc7e852a8a2 |
| SHA512 | 73d637814c10270312d91fefcc4536db6ddf336f7d1c859b4fd1b1e0ad94c33875b3436f819813bfd6e8586257e70cde9080d4c6f3d0f64fb83929f9df046d19 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 18:07
Reported
2024-04-07 18:09
Platform
win10v2004-20231215-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe
"C:\Users\Admin\AppData\Local\Temp\01bef797da3acda0214b7b72c4f0025e3c87e8b7e29eeb78798973f6a753f3fa.exe"
Network
Files
memory/5028-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american kicking lingerie [milf] hole .mpg.exe
| MD5 | 4463590fc60163746d4a25a6c7e77cef |
| SHA1 | 151bdf45eef8233f064a7ac39bbe56ffce149302 |
| SHA256 | 7a68df6c0794df634869b10d150c206c9e0ef646a8b56a6ea2ab6cb4cbda6feb |
| SHA512 | 953e46273176241092d536cd6fa9ab588a30f916555230377221cb269b4c304854dfd9129585f30e8c35c4714699a9570d7d79c3457690c8d946baf54cf8c5a4 |