Analysis Overview
SHA256
3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1
Threat Level: Known bad
The file 3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:16
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:16
Reported
2024-04-07 20:18
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\horse lesbian hole circumcision .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\brasilian gang bang bukkake [bangbus] penetration .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\black cumshot lesbian sleeping .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\blowjob hot (!) hairy .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\french hardcore uncut gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\gay voyeur .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\black beastiality gay big (Karin).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm [free] titts bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american cumshot bukkake girls girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\gay hot (!) cock mature (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian cumshot gay big high heels .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian cumshot gay lesbian stockings .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian cumshot xxx full movie lady .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\blowjob hot (!) castration (Sonja,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx big hotel (Ashley,Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\beastiality trambling [milf] .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\xxx hot (!) beautyfull .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\danish action beast lesbian titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\dotnet\shared\bukkake licking boots .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese handjob xxx lesbian leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake uncut hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish cum fucking hot (!) .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\italian cumshot xxx uncut YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\sperm catfight high heels .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\brasilian kicking fucking lesbian glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\danish porn trambling lesbian .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish beastiality xxx lesbian glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian action sperm full movie black hairunshaved .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gay full movie titts (Sandy,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\chinese gay lesbian cock ejaculation (Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\animal beast girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\lesbian big titts penetration .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\asian beast several models hole sweet (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\action lingerie [free] glans young .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\spanish sperm full movie (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\italian animal horse girls feet girly .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\fetish fucking girls (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\african xxx licking .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\trambling [bangbus] (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\gang bang xxx masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\russian fetish blowjob [milf] castration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\asian trambling [bangbus] ejaculation .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\nude lesbian masturbation sm (Sonja,Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\lingerie [free] (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\norwegian lesbian catfight feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\indian cumshot beast girls feet hairy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\spanish bukkake big gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\kicking lesbian several models cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\lesbian [milf] titts beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\beast public .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\animal xxx voyeur (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black gang bang gay hidden glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\canadian lesbian hidden pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\lesbian big ash (Jenna,Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\nude horse full movie (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\nude bukkake masturbation hole leather (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\chinese hardcore sleeping granny (Christine,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\tyrkish action xxx lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\nude xxx several models titts traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\british sperm hidden bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\french bukkake full movie feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\gang bang blowjob licking feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\brasilian cumshot beast public titts hairy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\russian fetish lesbian [free] swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\japanese cum trambling masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\spanish beast several models glans beautyfull .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\norwegian lesbian several models latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\gang bang hardcore big cock shoes .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\porn horse sleeping (Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\PLA\Templates\fucking [bangbus] YEâPSè& (Sonja,Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\spanish xxx [bangbus] feet (Sonja,Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\beastiality lingerie [milf] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\asian lingerie voyeur cock (Ashley,Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\gay [free] feet girly (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\indian porn lingerie voyeur high heels (Ashley,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\fetish xxx hidden glans shoes .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\brasilian action lesbian full movie gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\danish cumshot lesbian full movie glans fishy (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\beastiality trambling voyeur wifey .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\chinese lingerie licking feet .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\indian handjob horse sleeping gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\japanese porn sperm [bangbus] (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\african sperm catfight lady .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\american animal lesbian [milf] wifey .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\fetish xxx big mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\fetish bukkake [free] hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\nude fucking several models titts boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\sperm [milf] glans Ôï .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\blowjob voyeur balls (Ashley,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\blowjob big ash (Christine,Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\bukkake licking feet (Anniston,Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\british blowjob lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\kicking beast uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"
C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"
C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"
C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.118.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.239.25.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.88.109.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.198.42.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.18.65.227.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.60.180.215.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.194.123.245.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.2.190.58.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.149.29.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.194.249.17.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.109.86.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.20.25.254.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.185.35.32.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.168.78.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.138.194.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.238.58.126.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.66.70.33.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.141.241.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.219.25.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.175.218.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.34.44.110.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.148.10.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.225.177.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.94.80.155.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.156.218.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.53.172.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.28.137.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.192.225.117.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.157.190.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.49.226.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.198.100.226.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.135.20.48.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.106.104.226.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.247.137.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.47.207.164.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.252.5.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.102.1.180.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.67.69.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.6.189.53.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.92.27.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.231.132.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.14.77.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.152.31.215.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.174.181.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.70.214.22.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.135.66.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.239.9.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.207.226.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.177.84.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.11.178.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.120.248.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.168.199.112.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.18.201.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.46.8.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.66.128.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.155.62.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.226.174.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.105.215.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.6.39.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.40.135.223.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.47.58.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.53.155.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.125.70.215.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.249.52.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.138.174.236.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.20.97.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.137.103.33.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.252.249.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.104.77.11.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.42.90.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
Files
memory/1932-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian cumshot xxx full movie lady .zip.exe
| MD5 | 74562aff151f937ced5a0003608f17f6 |
| SHA1 | 49308e10bb5cdabdcd8d88a02f69fbb7235d498f |
| SHA256 | b118ac5b47a810bd52c7f02b26a8728e29feaf2925a2d764934055ebad230f92 |
| SHA512 | 879b02c05f4d2a553e6ff5baff748d5d90314d8c83e2c66724a7e4211ff2f0feb959cf1e4cd76019f00a2eacd60f9037e8ec5c676f42f140ab69e44ad982899a |
memory/4980-11-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1360-142-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4008-147-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1932-191-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4980-196-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1360-197-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4008-201-0x0000000000400000-0x0000000000420000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:16
Reported
2024-04-07 20:18
Platform
win7-20240221-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\IME\shared\russian horse bukkake big .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\african bukkake catfight .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\brasilian horse horse catfight 40+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\gay uncut .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\japanese cum beast [milf] hole (Gina,Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\american beastiality lesbian big sweet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american animal lingerie [milf] gorgeoushorny .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\blowjob several models boots (Sandy,Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\brasilian animal blowjob catfight glans redhair .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black gang bang beast catfight .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\hardcore voyeur titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black animal xxx sleeping (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\indian animal lesbian licking cock boots .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\sperm catfight hairy .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\fucking voyeur cock hotel .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\tyrkish kicking horse [milf] ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\indian animal xxx sleeping boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast public feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\gay [free] hole granny (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese cum xxx full movie ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\bukkake masturbation glans leather (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\hardcore masturbation mature .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lingerie full movie glans swallow (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian beastiality bukkake [bangbus] glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\indian handjob xxx licking shower .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\british gay hidden glans pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\gang bang lingerie public sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\brasilian nude gay hot (!) feet (Christine,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie public titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american cumshot trambling full movie glans .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\trambling uncut stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\italian handjob hardcore full movie cock 40+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\danish beastiality horse [free] glans redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\italian kicking gay voyeur feet hotel .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\trambling hidden glans penetration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\tyrkish gang bang bukkake uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\italian gang bang horse sleeping mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\black animal lingerie masturbation titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\african beast hot (!) (Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\cum bukkake sleeping high heels (Sonja,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\german lingerie [milf] hole high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\canadian horse hot (!) (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\danish animal xxx hidden .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish animal fucking full movie glans (Sandy,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\PLA\Templates\horse licking hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\italian porn horse big titts 50+ (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\norwegian trambling [free] glans balls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\chinese beast licking (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\chinese blowjob licking cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\danish porn sperm [bangbus] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\japanese fetish lesbian [free] feet shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish horse sperm licking fishy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese animal gay licking bedroom .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\porn sperm full movie hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake masturbation fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\swedish horse xxx [bangbus] hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\american cum beast sleeping glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\swedish action beast lesbian (Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\norwegian beast catfight cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\swedish fetish fucking masturbation redhair (Ashley,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\action trambling public (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish gang bang bukkake lesbian fishy (Sandy,Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\porn xxx catfight sm (Anniston,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\blowjob catfight glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\indian nude trambling several models titts pregnant (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\japanese action xxx voyeur femdom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian fucking [free] .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish cumshot gay hidden granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\african hardcore voyeur (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\german trambling public sm .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american gang bang lesbian uncut hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\temp\hardcore hidden hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\tmp\italian handjob gay [bangbus] feet sm (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\security\templates\brasilian handjob fucking public titts leather .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\spanish sperm [bangbus] cock .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\cumshot sperm hidden titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\spanish bukkake hot (!) (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\lesbian hot (!) redhair .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian horse fucking public .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\black cum sperm lesbian titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\norwegian lesbian public glans penetration (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\beastiality lesbian catfight .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\chinese lingerie catfight swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\russian porn xxx hot (!) bedroom .avi.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\beast public titts lady .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\fetish sperm full movie sm .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\action bukkake full movie cock young .zip.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\french trambling [free] hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"
C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"
C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"
C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 253.13.136.36.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.2.131.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.103.126.250.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.204.207.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.197.102.225.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.57.110.115.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.160.169.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.170.251.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.140.7.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.241.35.247.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.46.248.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.153.211.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.230.29.48.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.240.221.60.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.126.93.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.179.227.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.59.59.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.130.94.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.1.156.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.227.116.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.154.221.133.in-addr.arpa | udp |
Files
memory/2612-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\sperm catfight hairy .zip.exe
| MD5 | d8c8c5461863f04c16027abf4584233f |
| SHA1 | 9a34df78ffc026236a52784547f36b31365933b8 |
| SHA256 | 5beba572836cc8552565bf89c3499163f717ea62f3c446a9e4c17f30db822704 |
| SHA512 | 5fa2ce5009b713c43e47c579401d98a4dffbb61290ee311f39c875ea0f9ac509213eaaaeef55295a0d8dfbcf712a213134671c17c87fc399632748f06d529304 |
memory/2612-8-0x0000000004890000-0x00000000048B0000-memory.dmp
memory/2520-9-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2388-56-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2612-57-0x0000000004A90000-0x0000000004AB0000-memory.dmp
memory/2448-58-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2520-55-0x00000000047C0000-0x00000000047E0000-memory.dmp
memory/2612-97-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2612-99-0x0000000004890000-0x00000000048B0000-memory.dmp
memory/2520-101-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2520-102-0x00000000047C0000-0x00000000047E0000-memory.dmp
memory/2448-105-0x0000000000400000-0x0000000000420000-memory.dmp
C:\debug.txt
| MD5 | 859275ad25c590dce05595eabbd85745 |
| SHA1 | 59922c42cfc6ded0eef86aacf7c8f2505765bc83 |
| SHA256 | 4422c3ba60bf357911cece6c9d0c5b7ea31598b894dd59364946244e14fc6deb |
| SHA512 | 3f8470a69bf8e4c656f5121229f00827f9a4bd28599c5db41e57abc5b1fbb3af38cf1c356cb502c743f297474d727fedc9ae1509cfe7ddcc9b3856c28f4b9bf1 |