Analysis Overview
SHA256
9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18
Threat Level: Known bad
The file 9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 23:46
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 23:46
Reported
2024-04-06 23:48
Platform
win7-20240220-en
Max time kernel
150s
Max time network
149s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe
"C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe"
C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe
"C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe"
C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe
"C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe"
Network
Files
memory/2372-0-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\chinese cumshot full movie .rar.exe
| MD5 | 9e5519a482aea15426dca86db265b7f0 |
| SHA1 | 69e9de45ef2604980dfe6179bce35ef821c67344 |
| SHA256 | f989149e4a50b6929efed2929ddce7d2abd7c04a63e33dd96f220edd5806e365 |
| SHA512 | 727ee9544d2551933abf35c7415eb2f1cd88d687b32895c29e5d4656623045df4258fb0457f995042bb65856879121ef57adc7edc3b710b6793704321a6088f6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 23:46
Reported
2024-04-06 23:48
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe
"C:\Users\Admin\AppData\Local\Temp\9cf3453b79ed713408eeb6e87e1af53a42d76ffc259c727139d0bc702a35df18.exe"
Network
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish action lingerie licking glans high heels .zip.exe
| MD5 | 16ddcd5448567e961872b518bbfbb8bc |
| SHA1 | f879483b49b7a420aecdde9ce8b4eed33834b601 |
| SHA256 | b270d7538820cf0381a4ff07f8ff7721e1513572d3cf50683eacf29b21c6eaae |
| SHA512 | ed2604f3e3dae0703621559848d79d40065fc3ecf1a5d444a2dd8a1f87645783b25b684ee3c1e2a35bd724576781ff3b45e9920b5af507dbb64c5edcc6002dd0 |
C:\debug.txt
| MD5 | ce55335e847ff3f9eed91bd25c352bc4 |
| SHA1 | 0d3d02306195a9f1e98613a1ea6306a09722c7f0 |
| SHA256 | 99b037d7e2c2ded1db053dc114131f36fdf4c1003b2d89d35ea22564985b2f5e |
| SHA512 | 3365731432c31cddc79de5d2d33c568516685d2fe58abcb279e9221da363144c2f67d2c6adb9d784aefcf10c0ceca45820d25cbd35df7580cf19f2a530d205d4 |