Analysis Overview
SHA256
bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91
Threat Level: Known bad
The file bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 01:01
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 01:01
Reported
2024-04-08 01:04
Platform
win7-20240221-en
Max time kernel
150s
Max time network
154s
Signatures
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 01:01
Reported
2024-04-08 01:04
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
157s
Signatures
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\microsoft shared\gay lesbian (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\italian porn gay masturbation hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish horse lingerie [milf] wifey .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\japanese beastiality horse uncut titts YEâPSè& (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\beastiality fucking big (Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\dotnet\shared\trambling girls glans mature .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\indian nude trambling catfight upskirt .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\gay big cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\indian beastiality lesbian [bangbus] titts girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse [bangbus] titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse big titts hotel (Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\horse girls shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\tyrkish animal lingerie catfight femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian action beast full movie titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese fetish xxx several models balls .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german bukkake several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\horse licking titts bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish nude lingerie girls titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\brasilian beastiality gay [milf] girly (Kathrin,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\temp\black action beast voyeur traffic .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\gang bang lesbian [free] (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\british xxx masturbation shower (Sonja,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\black gang bang bukkake several models blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\norwegian lesbian [milf] (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\malaysia lesbian girls hole high heels .rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\chinese beast lesbian hole (Sandy,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\danish horse gay uncut Ôï .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\german xxx [bangbus] feet (Christine,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\canadian lingerie hot (!) YEâPSè& .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\gay lesbian .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\asian fucking catfight girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\hardcore catfight .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\danish gang bang xxx hidden traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\danish kicking xxx voyeur feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\cum xxx several models ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\action xxx public ejaculation .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\italian gang bang gay lesbian hole swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\trambling girls feet hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\danish handjob bukkake voyeur hotel .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\black fetish sperm [bangbus] cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\assembly\tmp\italian action sperm lesbian hole black hairunshaved (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\CbsTemp\horse licking black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\chinese hardcore [bangbus] feet sm (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\british xxx girls feet 40+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\spanish horse [bangbus] femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\swedish gang bang xxx [milf] circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\InputMethod\SHARED\lesbian big cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\italian fetish beast [free] cock YEâPSè& .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american horse trambling sleeping girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\handjob blowjob [bangbus] hole Ôï (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking trambling voyeur cock (Anniston,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\swedish gang bang lingerie hidden cock YEâPSè& .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\american animal trambling hidden hole leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\indian horse beast licking hole beautyfull .rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\spanish bukkake lesbian cock ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\blowjob full movie boots (Ashley,Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\asian trambling masturbation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\black fetish lingerie [bangbus] feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\british blowjob full movie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\indian beastiality hardcore several models blondie (Britney,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish handjob lingerie girls beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\african sperm hot (!) cock lady .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\malaysia lingerie uncut hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\german horse catfight titts girly (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\trambling lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\sperm hidden 50+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\gang bang lingerie girls (Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\norwegian lingerie sleeping (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\chinese fucking sleeping titts traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\russian fetish gay hidden hole sweet (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\japanese fetish gay full movie gorgeoushorny (Anniston,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay catfight hole sm .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\gang bang horse masturbation sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\italian horse lesbian [bangbus] mistress .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\nude xxx hidden glans traffic (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\british hardcore uncut cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\handjob lesbian full movie cock upskirt .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\chinese trambling masturbation cock mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian horse lingerie girls upskirt .avi.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\beastiality lesbian catfight titts granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\fetish lingerie catfight circumcision .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\asian blowjob [milf] balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\porn sperm uncut .mpg.exe | C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"
C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"
C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"
C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe
"C:\Users\Admin\AppData\Local\Temp\bf86072655409bdd535050d301c00970cf0ae8923df358ed13f0caebf21a7d91.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2292,i,2927097380497635931,2014459809064723663,262144 --variations-seed-version /prefetch:8
Network
Files