Analysis Overview
SHA256
bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b
Threat Level: Known bad
The file bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:53
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:53
Reported
2024-04-08 00:56
Platform
win7-20240221-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe
"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\fucking [free] (Karin).avi.exe
| MD5 | 955ab938b74ae0154f197379a11fd0aa |
| SHA1 | 023e5d903f87c65573769fd7bee8aa839da28385 |
| SHA256 | b84266985cbf035792fa51cb9942e0ef895d47d1ec51156e32941d37a303e444 |
| SHA512 | f1e648362ffa79f2896304737550ef54a2f78604fdac6f1024f530bb13e7e89b05e017791394a434f7db41ed19111ef5353c1985b0c79792696c78ad666434a7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 00:53
Reported
2024-04-08 00:56
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe
"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8
Network
Files
memory/4620-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish cum lingerie hot (!) .mpeg.exe
| MD5 | 2a4d81881185996f0e8569be2f3d764d |
| SHA1 | 26259d7f7cf8f9ca511fcceaf72de35d307efd74 |
| SHA256 | c01f279fbd3557d39f70c91678401c4caa318bc592f2953d5dc30921a70dc18b |
| SHA512 | 993bc67846f1db5a8db9ecba123fa9e52eeec8e4137451d7405f4fc7ac5e20fad1fcb09b5e8c495146a3e26968bd1e76c4c53c9ff1be97c710b138687b03cafb |