Analysis Overview
SHA256
ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c
Threat Level: Known bad
The file ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:50
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:50
Reported
2024-04-08 00:52
Platform
win7-20240221-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe
"C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe"
C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe
"C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe"
C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe
"C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe"
Network
Files
memory/2860-0-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\american handjob catfight (Sonja,Tatjana).zip.exe
| MD5 | 389478cda8298f222fd93f3ba3206aec |
| SHA1 | 4b7bde5fcc0722a71e6b039961eba16ab6c741dc |
| SHA256 | f2c3ff478acc3fe2b46e2d52ee4df33cc5e640bd5d86b2ad933f7da42fda31a0 |
| SHA512 | 39b5aa9c9b6ae7bfd6021036471589dfad89e1b040a26b00cb0d7089dd2442ab40d5a9d4d9eaf24a30b3c311059838f579a4f09bd1a7fab997e2ac942f2291c9 |
C:\debug.txt
| MD5 | 08f20fa3544cd03ad77e196b8e29500b |
| SHA1 | 825f7a2c3b0c8b78e0053cb854a270dca23d73b3 |
| SHA256 | 841ad590d83802e1796c5219d003456020b39319ad94337ac4c5e143e899da77 |
| SHA512 | 4e2828104b52ee8f5befd02e4c9c7f39b881b93bd4a7abdea6566b9a213e708f0185841ce6d6e6da6e6af20aaed5d04166ee4a7469d4fdca7c260ab86b6bbb13 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 00:50
Reported
2024-04-08 00:52
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe
"C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe"
C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe
"C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe"
C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe
"C:\Users\Admin\AppData\Local\Temp\ba54a9ad4088306222b0227e1d170eb7f86bbfc749eef50603756d2921b5007c.exe"
Network
Files