Analysis Overview
SHA256
b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c
Threat Level: Known bad
The file b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:46
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:46
Reported
2024-04-08 00:48
Platform
win7-20240221-en
Max time kernel
107s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe
"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"
C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe
"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"
C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe
"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 00:46
Reported
2024-04-08 00:48
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe
"C:\Users\Admin\AppData\Local\Temp\b76a8d5fa8557085b71f0a229a413e9359adf15a1cd0b5a6bdd60721d1dec62c.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2244,i,861925222566734100,5228329984880658054,262144 --variations-seed-version /prefetch:8
Network
Files
memory/3040-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse several models sm .avi.exe
| MD5 | d67c4c49cab043a990a312e533953e39 |
| SHA1 | 6322bd084364f52c8626e2d0d71bdc662c73f74e |
| SHA256 | dd45884bfe8ca9b6802a0ef7801838f73e7df5eef8ec6e9ac65ce70820f04bfc |
| SHA512 | aa1d7b548df0eeddfe5a03a49c7ac62ec8b332b0ab984af42ecaee593f685e1126419c6cc8e0d9e8e725f9542dfbf8e6f254297b300b60f94e1726c24bed6598 |