Analysis Overview
SHA256
bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae
Threat Level: Known bad
The file bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:57
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:57
Reported
2024-04-08 00:59
Platform
win7-20231129-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish gang bang xxx public .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\hardcore lesbian fishy .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian kicking fucking masturbation YEâPSè& (Sonja,Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\american cum bukkake [milf] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\african sperm several models YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\blowjob lesbian swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\hardcore licking boots .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\fucking girls titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\trambling licking lady .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\canadian lesbian hot (!) (Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Windows Journal\Templates\italian nude hardcore [milf] feet lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\tyrkish beastiality trambling [free] glans pregnant (Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian nude lesbian [free] (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish nude hardcore [milf] latex .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\black animal fucking sleeping feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\swedish cumshot hardcore catfight feet swallow (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\hardcore sleeping cock circumcision .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\brasilian kicking gay uncut balls .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast voyeur stockings .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish porn fucking public .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\lesbian lesbian blondie (Kathrin,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\japanese kicking lingerie voyeur .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\lesbian masturbation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\sperm girls glans redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\indian gang bang horse big (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american fetish lesbian [milf] titts shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\brasilian gang bang sperm hot (!) .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\german lesbian [free] titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\bukkake big hole latex .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\african lesbian several models feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\tyrkish animal gay public cock (Jenna,Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\handjob hardcore licking latex (Ashley,Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\malaysia gay [milf] (Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\canadian xxx full movie feet pregnant (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\malaysia horse voyeur sm .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\nude sperm hot (!) black hairunshaved .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay catfight .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian uncut hole ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian gang bang lesbian [bangbus] glans 40+ (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\spanish bukkake lesbian cock sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\handjob beast big glans sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\blowjob uncut glans boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\canadian sperm [milf] ìï .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\Temp\swedish gang bang bukkake licking hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\blowjob masturbation ejaculation .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\french bukkake girls feet boots (Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lesbian girls .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\hardcore [milf] (Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\cum lingerie hot (!) hole mistress .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\african hardcore voyeur mistress .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\malaysia gay [milf] .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\african gay full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\swedish gang bang trambling public bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\malaysia lingerie hot (!) feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\danish kicking lingerie girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian kicking trambling lesbian (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\temp\blowjob big titts fishy (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\PLA\Templates\american kicking hardcore [free] hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lesbian hot (!) titts mistress .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\russian animal fucking voyeur ìï (Britney,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\horse public ash .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\animal beast licking blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\hardcore hidden cock swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\bukkake masturbation feet wifey (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\indian gang bang bukkake big traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\kicking xxx catfight ejaculation (Britney,Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\russian animal fucking catfight (Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\norwegian xxx full movie glans traffic .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\spanish lingerie [milf] (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\asian sperm uncut titts hotel (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\fetish lesbian big (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\asian trambling uncut hole lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\hardcore several models cock swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\canadian blowjob [bangbus] feet balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\horse fucking sleeping feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\beast licking traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\british hardcore sleeping feet penetration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\horse hardcore hidden glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\indian fetish lesbian several models hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\german blowjob big (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\swedish beastiality horse [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese action trambling licking black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\chinese gay several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\sperm masturbation black hairunshaved (Anniston,Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\animal fucking hidden gorgeoushorny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american action lingerie [free] circumcision .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\british bukkake public glans ejaculation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\norwegian beast several models cock shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\norwegian blowjob licking young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe
"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"
C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe
"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"
C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe
"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish porn fucking public .zip.exe
| MD5 | bf01463b918ed8ad00ad1c653e265880 |
| SHA1 | 5d3812b37271425005b6d20b4fe64119c4ea1257 |
| SHA256 | b9826ae9f77fcfbbd638b989f233458db6cd0cdf1307b42f0e7a235832546133 |
| SHA512 | 501d64df771e14d5f0738ec4888fb739d9da8bfb1a98fa29901b62a2421c9347018af371f4f481c18a53719032b96b8357ceb8461e1c535ade3ae465109fde5c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 00:57
Reported
2024-04-08 00:59
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\Temp\american cumshot beast masturbation mistress .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\cumshot [bangbus] cock swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fucking full movie vagina hairy (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\black action gay hot (!) girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\handjob sperm public hole (Sandy).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gang bang full movie nipples bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\bukkake [bangbus] hole (Jenna).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\british gang bang licking nipples .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\canadian fetish lingerie [bangbus] girly .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\handjob several models .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore masturbation feet (Anniston,Britney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\german fucking [free] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\Templates\blowjob hardcore voyeur stockings .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\bukkake [bangbus] \Û .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\handjob [milf] nipples .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gay [free] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\dotnet\shared\asian lingerie hot (!) cock mistress .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude handjob [milf] high heels .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\nude kicking [milf] .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\horse animal [bangbus] (Sonja,Jenna).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\swedish fetish horse hidden granny .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\malaysia hardcore licking hotel (Kathrin,Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\norwegian bukkake porn [bangbus] cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\spanish gang bang uncut high heels (Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\british blowjob voyeur cock (Ashley,Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lingerie big (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [free] young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\russian lesbian cum full movie hotel .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\xxx lingerie sleeping penetration (Jenna,Britney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian cumshot masturbation mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\fetish beast full movie upskirt .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\horse full movie .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\horse full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\japanese blowjob [bangbus] pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\swedish cumshot porn sleeping titts (Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\bukkake blowjob several models bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\american nude handjob [bangbus] pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\sperm animal sleeping fishy .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\security\templates\malaysia fucking licking .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\brasilian nude cum voyeur balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\japanese beast [milf] (Anniston,Sonja).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\swedish horse voyeur ejaculation .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\italian bukkake [bangbus] feet (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\american bukkake hardcore several models nipples mistress (Jenna,Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\chinese porn animal girls (Jade,Britney).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\xxx [free] bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\japanese sperm fetish licking .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\japanese cumshot trambling [milf] YEâPSè& (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\asian porn lesbian girls sm (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\norwegian xxx [milf] ash mistress .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\handjob hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\norwegian fucking licking feet .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\swedish lesbian hidden titts black hairunshaved (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fetish lesbian balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\canadian horse [bangbus] glans penetration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\lesbian masturbation hotel .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\blowjob licking ash (Janette,Kathrin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\black xxx animal hot (!) nipples .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\xxx lesbian [bangbus] nipples .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\spanish gay beast masturbation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\swedish fetish uncut .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\beast cum [milf] titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\fetish handjob big redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\lingerie [free] shower .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\action big Ôï (Gina).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\bukkake horse big mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\norwegian nude trambling hot (!) boots .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\handjob [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\german blowjob licking granny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\black cum nude voyeur .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\indian action [milf] (Kathrin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\japanese beast [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\black trambling bukkake voyeur shower .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\african trambling sperm catfight YEâPSè& (Kathrin,Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\italian handjob hidden femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\chinese fetish animal uncut boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\fucking several models glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\japanese fucking girls redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\beastiality lingerie masturbation (Sarah,Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\xxx horse public .avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\american horse trambling sleeping cock mature .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\lingerie gay [free] 50+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\malaysia xxx fetish licking .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\italian horse gang bang [bangbus] cock latex .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\black cumshot lesbian sleeping glans granny .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\spanish kicking [free] ash mistress .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\swedish lingerie blowjob [milf] balls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\lesbian nude lesbian vagina (Britney,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\black lingerie cumshot girls (Ashley,Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\tyrkish cumshot handjob hot (!) hole YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\fucking masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\beast fucking masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\asian cumshot several models castration .zip.exe | C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe
"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"
C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe
"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"
C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe
"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"
Network
| Country | Destination | Domain | Proto |
Files
memory/3576-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude handjob [milf] high heels .mpg.exe
| MD5 | 2aa2b374871931b03a16552679f4eb1d |
| SHA1 | 90006c41cab6fe64db6717b40bf843c7e272e46b |
| SHA256 | e419bf3382823c1f879bae5ac0160a454a3c0cea82d1fa5434ca15c49f0b841e |
| SHA512 | 9c1b3af180a10062a3925aa38d1a58859bf342198b2861b7fa47f1c9b0a6340cc4a68d18d07c0ab933cd72e71921d3c973d0d4f3691f1c3837b3e2f9c1f712a2 |