Analysis Overview
SHA256
ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba
Threat Level: Known bad
The file ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:50
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 00:50
Reported
2024-04-08 00:53
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
Drops file in Windows directory
| Description | Indicator | Process | Target |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"
C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"
C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"
C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"
Network
| Country | Destination | Domain | Proto |
Files
memory/1844-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian animal xxx hidden bondage .mpeg.exe
| MD5 | 9dfec8e7384db05359d795b8e20be9cc |
| SHA1 | fefcf2a55a557b2a2b78109ab50855e64ac824cc |
| SHA256 | a976f9261862b14c63d08046b54dd79e841f0abf03d7df424e9ccca5662676aa |
| SHA512 | ffbb4ceae1b5516e664036610f4954d265e3b772625d1ec4093609ea582c4c1cf595eec6ded2cd3e47c42ca910fb6f331d45618f06cb20c4b805fe7fc085151f |
memory/5020-11-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-183-0x0000000000400000-0x000000000041E000-memory.dmp
memory/5020-184-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2200-185-0x0000000000400000-0x000000000041E000-memory.dmp
memory/4400-186-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-187-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-188-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-195-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-209-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-214-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-218-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-222-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-226-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-230-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-234-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-238-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-242-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1844-246-0x0000000000400000-0x000000000041E000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:50
Reported
2024-04-08 00:53
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore lesbian titts leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\indian handjob horse [milf] penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\japanese handjob hardcore girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\japanese action lesbian girls hole shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\black cumshot xxx big penetration (Sandy,Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\gay big ash (Sandy,Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\tyrkish action fucking hot (!) glans hairy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\italian animal lesbian big blondie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish beastiality hardcore public sweet .rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\russian action lingerie full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\lesbian voyeur stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\bukkake licking .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\fucking hidden balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\brasilian kicking beast [bangbus] feet (Britney,Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian fetish lesbian sleeping glans .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm girls glans (Sandy,Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\horse [free] titts (Ashley,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\indian nude horse girls balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\black animal beast girls feet femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\japanese horse xxx big 50+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\danish gang bang blowjob public girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\hardcore hot (!) (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\trambling lesbian balls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\indian fetish bukkake [milf] (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\indian kicking beast masturbation (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\bukkake hot (!) hole girly (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\animal beast catfight cock circumcision .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\canadian gay [milf] ash (Kathrin,Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\american cum sperm [bangbus] gorgeoushorny .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\gay hot (!) bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\black horse trambling full movie titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\indian nude fucking [free] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\gay full movie titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\handjob sperm sleeping .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\malaysia lingerie masturbation femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\russian animal beast [milf] hole penetration (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\bukkake masturbation hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\horse girls (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black cum lingerie [bangbus] .rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\spanish lingerie big castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\african sperm licking mature (Gina,Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\spanish bukkake uncut gorgeoushorny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\nude xxx sleeping hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\american animal beast public cock castration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\japanese handjob blowjob voyeur glans redhair (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\american animal beast full movie hole mature (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\japanese cumshot gay masturbation feet .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\horse hot (!) cock 50+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\russian cum fucking lesbian titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish nude hardcore masturbation hole shower (Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish horse bukkake several models (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\canadian sperm full movie hole mistress (Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\canadian blowjob girls (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\italian horse horse big hole femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish horse lingerie big titts bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\tyrkish horse sperm masturbation (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\porn lesbian [bangbus] hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\sperm big hole leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\african horse big bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian beast licking fishy (Sonja,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\indian cum lesbian catfight hole stockings (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\security\templates\danish animal trambling hidden .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\animal horse [milf] .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\black gang bang trambling licking black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\beastiality xxx hidden circumcision (Britney,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\fucking masturbation femdom (Britney,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\beast [bangbus] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\black gang bang trambling uncut hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\horse lingerie [bangbus] .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\chinese lingerie masturbation hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\spanish blowjob uncut cock castration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\gang bang blowjob uncut cock gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore big ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish animal bukkake hot (!) (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\fetish horse catfight castration (Jenna,Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\action gay big titts hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\tyrkish horse gay masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\swedish fetish hardcore catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\malaysia fucking girls cock hairy (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\sperm full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\tmp\horse girls bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\chinese blowjob public titts upskirt .zip.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\asian fucking masturbation bedroom .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian action gay uncut lady .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\spanish gay voyeur feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\norwegian lesbian lesbian glans girly (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\indian nude gay several models .mpg.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\indian nude hardcore [bangbus] .rar.exe | C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
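The persistence row (Run value mssrv32 pointing at C:\Windows\mssrv.exe, shown by the sandbox with JSON-escaped backslashes) and the long lists of File created rows above are the parts of this report an analyst turns into host indicators. The following is an added Python example, not code from the sandbox, that parses rows in the shape of these tables, normalises the registry path and its escaped data, checks whether the Run value's target is one of the files the sample itself created, and separates the lure files (names ending in an archive or media extension followed by .exe) from other drops. The Run key and mssrv.exe rows mirror the report; the lure file names are neutral placeholders rather than the page's own names, the benign setup.log row is invented as a control, and the extension list beyond the zip/rar/avi/mpg/mpeg seen on the page is an assumption.

```python
import re

# Constructed sample rows in the shape of the report's signature tables
# (Description | Indicator | Process | Target). The Run value and the
# C:\Windows\mssrv.exe drop mirror the report; the three "lure" names are
# neutral placeholders (not the page's names) and setup.log is a benign
# control row added to show it is not flagged.
SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\lure one .zip.exe | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\lure two (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\lure three .avi.exe | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
| File created | C:\Windows\Temp\setup.log | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |
"""

# zip/rar/avi/mpg/mpeg are the inner extensions seen on the page; the rest
# are assumed additions a lure-dropping worm could plausibly use.
LURE_EXTS = ("zip", "rar", "avi", "mpg", "mpeg", "mp4", "wmv", "jpg", "pdf", "doc")
DOUBLE_EXT_RE = re.compile(r"\.(" + "|".join(LURE_EXTS) + r")\.exe$", re.IGNORECASE)


def parse_indicator_rows(text):
    """Parse '| Description | Indicator | Process | Target |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue  # header row or malformed line
        rows.append({"description": cells[0], "indicator": cells[1],
                     "process": cells[2], "target": cells[3]})
    return rows


def parse_run_value(indicator):
    r"""Split 'KEY\Name = "data"' into a hive-normalised key, value name and data."""
    key_and_name, _, data = indicator.partition(" = ")
    key, _, name = key_and_name.rpartition("\\")
    key = re.sub(r"^\\REGISTRY\\MACHINE", "HKLM", key, flags=re.IGNORECASE)
    key = re.sub(r"^\\REGISTRY\\USER", "HKU", key, flags=re.IGNORECASE)
    # The sandbox shows registry data JSON-escaped: collapse '\\' to '\', drop quotes.
    data = data.strip().strip('"').replace("\\\\", "\\")
    return {"key": key, "name": name, "data": data,
            "is_run_key": key.lower().endswith("\\currentversion\\run")}


def norm_path(p):
    return p.strip().strip('"').lower()


def triage(rows):
    """Correlate Run values with the files the same sample created; list lures."""
    created = {norm_path(r["indicator"]) for r in rows if r["description"] == "File created"}
    persistence = []
    for r in rows:
        if r["description"].startswith("Set value"):
            v = parse_run_value(r["indicator"])
            if v["is_run_key"]:
                # A Run target the sample itself wrote is self-installed persistence.
                v["target_dropped"] = norm_path(v["data"]) in created
                persistence.append(v)
    lures = [r["indicator"] for r in rows
             if r["description"] == "File created" and DOUBLE_EXT_RE.search(r["indicator"])]
    return {"persistence": persistence, "lures": lures, "files_created": len(created)}


if __name__ == "__main__":
    result = triage(parse_indicator_rows(SAMPLE_ROWS))
    for p in result["persistence"]:
        print(f"{p['key']}\\{p['name']} -> {p['data']} (dropped by sample: {p['target_dropped']})")
    print(f"{len(result['lures'])} lure files out of {result['files_created']} created")
```

The correlation step is the point: a Run value by itself only says something asked to start at logon, but a Run value whose target the same process just wrote under C:\Windows is a self-installed persistence point, which is what this report shows on the Windows 7 run. The lure check keys on the double extension rather than on the directory, because the drop locations here span Program Files, System32, winsxs and service-profile temp folders; the name pattern is the common factor.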
Processes
C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"
C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"
C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe
"C:\Users\Admin\AppData\Local\Temp\ba7a77cd4d26c15f6b2eeed8549b820ca7897b14f982443c4529026facb9b1ba.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.252.86.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.185.31.241.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.242.221.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.222.119.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.211.195.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.22.173.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.251.254.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.103.164.55.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.207.143.124.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.155.31.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.56.171.218.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.183.12.229.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.233.230.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.233.134.218.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.67.208.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.115.35.73.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.77.158.253.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.74.125.254.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.62.100.241.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.88.229.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.64.188.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.44.220.196.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.155.116.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.34.113.30.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.161.29.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.105.246.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.23.137.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.247.210.40.in-addr.arpa | udp |
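Every Network row in this report (in both the behavioral2 and behavioral1 runs) is a PTR query sent to 8.8.8.8:53 for an unrelated IPv4 address; no forward lookups and no connections are shown. Reading that pattern off a table by eye is error-prone, so the following is an added Python example, not part of the sandbox output, of a small triage routine that parses rows in exactly this table's shape, reverses the in-addr.arpa octets back into addresses, and scores how widely the queried addresses spread across /8 blocks. Eight of the page's own rows form the sweep sample; the benign contrast set (a host resolving names inside 192.168.0.0/24) is constructed, and the 0.75 dispersion threshold and the list of unroutable ranges are my choices, not values from the report. Reading this as random-target probing rather than normal name resolution is an interpretation; the table shows only the lookups.

```python
import ipaddress
import re
from collections import Counter

# Constructed samples in the shape of the report's Network table
# (Country | Destination | Domain | Proto). SWEEP_ROWS copies eight PTR
# queries from the page; QUIET_ROWS is an invented benign contrast in which
# a host reverse-resolves neighbours inside its own /24.
SWEEP_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.252.86.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.185.31.241.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.242.221.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.222.119.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.211.195.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.22.173.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.251.254.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.103.164.55.in-addr.arpa | udp |
"""
QUIET_ROWS = "\n".join(
    f"| US | 8.8.8.8:53 | {i}.0.168.192.in-addr.arpa | udp |" for i in range(10, 18)
)

PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE)

# Ranges nobody should need a PTR record for (my list, not from the report):
# private, loopback, link-local, multicast and the reserved 240/4 block.
UNROUTABLE = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def parse_rows(text):
    """Parse '| Country | Destination | Domain | Proto |' rows; skip the header."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        rows.append({"country": cells[0], "destination": cells[1],
                     "domain": cells[2], "proto": cells[3]})
    return rows


def ptr_to_ip(domain):
    """Undo the octet reversal of a PTR name; None if not a valid IPv4 PTR."""
    m = PTR_RE.match(domain)
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(m.groups())))
    except ipaddress.AddressValueError:  # e.g. an octet above 255
        return None


def ptr_profile(rows):
    """Count PTR queries, distinct /8 blocks, unroutable targets and resolvers used."""
    ips = [ip for ip in (ptr_to_ip(r["domain"]) for r in rows) if ip is not None]
    slash8 = Counter(int(ip) >> 24 for ip in ips)
    unroutable = sum(1 for ip in ips if any(ip in net for net in UNROUTABLE))
    resolvers = Counter(r["destination"] for r in rows)
    return {"ptr_queries": len(ips), "distinct_slash8": len(slash8),
            "unroutable": unroutable, "resolvers": resolvers}


def looks_like_sweep(rows, min_queries=8, min_dispersion=0.75):
    """True when most PTR queries land in different /8 blocks (generated targets)."""
    p = ptr_profile(rows)
    if p["ptr_queries"] < min_queries:
        return False
    return p["distinct_slash8"] / p["ptr_queries"] >= min_dispersion


if __name__ == "__main__":
    for label, text in (("sweep", SWEEP_ROWS), ("quiet", QUIET_ROWS)):
        rows = parse_rows(text)
        print(label, ptr_profile(rows), "sweep" if looks_like_sweep(rows) else "normal")
```

One of the eight sampled queries reverses to 241.31.185.174, inside the reserved 240.0.0.0/4 block. No host on a normal code path needs the PTR record for an address that cannot be routed, so an unroutable reverse lookup is a useful secondary flag for generated targets. The sandbox window is about 150 seconds, so the row count in either run is a lower bound on the rate, not the total.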
Files
memory/2796-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\indian nude horse girls balls .zip.exe
| MD5 | 73f411b8de13b93c9c1436531d2de7f9 |
| SHA1 | 741d2b2531c6cdbb8c1ffd38cf19fd52c51524e1 |
| SHA256 | e9226bebce0365fd87343f36283e37994a4f882c783b80688ead1e7b45c91aa6 |
| SHA512 | 875bdcdc039cde3733d9dce77ad14da75648f271fb41a71a8d4819f9fe1997f84f5022eb963983a64e70080afc1f7d8a68edde40252e5fbe259abcbc0844ff69 |
memory/2796-81-0x00000000051F0000-0x000000000520E000-memory.dmp
memory/2496-82-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2496-91-0x0000000004E10000-0x0000000004E2E000-memory.dmp
memory/1960-92-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-96-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1960-106-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-107-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-110-0x00000000051F0000-0x000000000520E000-memory.dmp
memory/2496-111-0x0000000004E10000-0x0000000004E2E000-memory.dmp
memory/2796-112-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-115-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-118-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-123-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-126-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-129-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-132-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-135-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-138-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-141-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-144-0x0000000000400000-0x000000000041E000-memory.dmp
memory/2796-147-0x0000000000400000-0x000000000041E000-memory.dmp
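Both Files lists (behavioral2 above and behavioral1 here) show the same region, 0x400000 to 0x41E000, dumped repeatedly from several PIDs, and the behavioral1 run adds one extra region per earlier process of the same 0x1E000 size at a higher address. The following is an added Python example, not sandbox code, that parses dump names in the report's memory/<pid>-<seq>-<start>-<end>-memory.dmp form, confirms the unpacked image size is the same across processes, and lists which PIDs share the image-base region and which also hold a same-size region elsewhere. The sample list is copied from the behavioral1 entries above with repeats removed. Treating 0x400000 as the image base is an assumption about this 32-bit sample, and reading the same-size region in the earlier processes as a staged copy related to the WriteProcessMemory activity the sandbox flagged is an interpretation, not something the page states.

```python
import re
from collections import defaultdict

# Constructed sample: dump names copied from the behavioral1 Files list,
# with the repeated image-region entries for PID 2796 left out.
SAMPLE_DUMPS = [
    "memory/2796-0-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2796-81-0x00000000051F0000-0x000000000520E000-memory.dmp",
    "memory/2496-82-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2496-91-0x0000000004E10000-0x0000000004E2E000-memory.dmp",
    "memory/1960-92-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2796-96-0x0000000000400000-0x000000000041E000-memory.dmp",
]

DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Assumption: the sample is a 32-bit PE mapped at the default base.
IMAGE_BASE = 0x400000


def parse_dump(name):
    """Split a dump name into pid, sequence number, start, end and size (bytes)."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    pid, seq = int(m[1]), int(m[2])
    start, end = int(m[3], 16), int(m[4], 16)
    return {"pid": pid, "seq": seq, "start": start, "end": end, "size": end - start}


def regions(names):
    """Map (start, size) -> sorted PIDs that had that region dumped."""
    by_region = defaultdict(set)
    for d in filter(None, map(parse_dump, names)):
        by_region[(d["start"], d["size"])].add(d["pid"])
    return {k: sorted(v) for k, v in by_region.items()}


def image_size(names):
    """The one size seen for dumps at IMAGE_BASE, or None if sizes disagree."""
    sizes = {d["size"] for d in filter(None, map(parse_dump, names))
             if d["start"] == IMAGE_BASE}
    return sizes.pop() if len(sizes) == 1 else None


def shared_regions(names, min_pids=2):
    """Regions dumped from at least min_pids processes: (start, size, pids)."""
    return sorted((start, size, pids)
                  for (start, size), pids in regions(names).items()
                  if len(pids) >= min_pids)


def staging_regions(names, size):
    """Per PID, start addresses of non-image regions exactly `size` bytes long."""
    out = defaultdict(list)
    for (start, region_size), pids in regions(names).items():
        if start != IMAGE_BASE and region_size == size:
            for pid in pids:
                out[pid].append(start)
    return dict(out)


if __name__ == "__main__":
    size = image_size(SAMPLE_DUMPS)
    print(f"unpacked image size: {size:#x}")
    for start, region_size, pids in shared_regions(SAMPLE_DUMPS):
        print(f"region {start:#x} ({region_size:#x} bytes) shared by PIDs {pids}")
    for pid, starts in staging_regions(SAMPLE_DUMPS, size).items():
        print(f"PID {pid}: same-size region(s) at {[hex(s) for s in starts]}")
```

The useful output is the pair of facts an analyst wants before opening any dump: every process carries one 0x1E000-byte unpacked image at the same base, so a single dump of that region yields the payload and the rest are duplicates, and the only other regions of that size sit in 2796 and 2496, not in 1960, the last process to appear in the sequence.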