Analysis Overview
SHA256
bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63
Threat Level: Known bad
The file bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:52
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:52
Reported
2024-04-08 00:55
Platform
win7-20231129-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"
C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"
C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"
Network
Files
memory/1972-0-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\swedish action beast [milf] titts leather .mpg.exe
| MD5 | 2ca8f5ce48c2c1fda148afa3a7ffaf62 |
| SHA1 | d5abdedfb9b48f39344a9a9058e4dc9166f9a08b |
| SHA256 | 0ff8d83658770c85cb28925c04bbecc2a3f4b5bb2d9b8e3b530cf7cf297570dd |
| SHA512 | 6cc79dd9859478d71e546212cde99dbdea83c5e625f1d4d72763ad3490d68f7f361790a13745a821790b0032d0efbbc53ea63984469f793fcbd6fe487f6e3dc9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 00:52
Reported
2024-04-08 00:55
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"
Network
Files
memory/3588-0-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish handjob horse several models feet swallow .mpeg.exe
| MD5 | 717056f6a1933a057b98bd573aac78d1 |
| SHA1 | c28e3530d811c5dfb42fb339d4130e50d6ed7ba5 |
| SHA256 | ec141cf9f1aa9b764ca4bb4092f8edc7d5fd401f42c611fb3f35fe08205c8e08 |
| SHA512 | 5b6d9732a169962a3e741bec7e17972db342d0ee367327f8ae7487c217cf4e497a1243247c347d37cf4c3d71b272b753b763c1bad2241d536251a460e525d43d |