Analysis Overview
SHA256
3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b
Threat Level: Known bad
The file 3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:23
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:23
Reported
2024-04-07 20:25
Platform
win7-20240215-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\IME\shared\nude bukkake [milf] .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\fucking uncut latex .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\italian fetish trambling uncut femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay licking glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\black fetish fucking lesbian hole ìï .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish kicking beast big glans .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\horse sleeping .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\tyrkish kicking xxx sleeping femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish horse gay hidden feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\xxx catfight ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Windows Journal\Templates\blowjob girls ejaculation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\italian cumshot blowjob masturbation ash .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\sperm voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\bukkake hidden beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american porn fucking licking granny .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\swedish animal xxx lesbian hole bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\black fetish fucking several models hole hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\trambling [milf] .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish action sperm catfight .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian horse xxx public cock balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\gay hot (!) .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\indian handjob gay several models feet circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\american action horse hidden swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\gay sleeping fishy (Sandy,Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black kicking blowjob catfight glans hotel .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\brasilian handjob xxx [free] cock pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\danish gang bang beast [bangbus] titts 50+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\horse blowjob several models mistress .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish beastiality sperm big .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\lingerie several models hole mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\horse horse public .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\spanish xxx [bangbus] black hairunshaved (Sonja,Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\asian fucking [milf] titts girly (Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\italian beastiality xxx masturbation blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\british xxx public glans stockings (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\animal trambling licking sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\beast [bangbus] high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\russian beastiality lingerie uncut feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\indian handjob trambling sleeping (Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\cumshot gay catfight .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\action hardcore [free] (Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\malaysia lingerie catfight ash .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\italian animal sperm voyeur pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\indian horse gay sleeping fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\canadian lesbian [free] .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\italian handjob lesbian uncut glans fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\american handjob lesbian catfight feet young (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\lingerie masturbation glans granny (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\lingerie catfight beautyfull (Christine,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\chinese hardcore hot (!) glans boots .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\spanish xxx several models hairy .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\kicking trambling masturbation penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\sperm big .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\cumshot fucking [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\russian cumshot beast several models feet sm (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\black gang bang sperm hot (!) titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\nude lingerie licking 50+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\kicking lesbian big castration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\porn xxx voyeur sweet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\italian kicking blowjob full movie feet (Christine,Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\bukkake sleeping cock 50+ .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\hardcore full movie bedroom (Ashley,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\malaysia horse uncut hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\lesbian [bangbus] (Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\italian horse gay voyeur titts stockings .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\italian handjob horse girls black hairunshaved (Sonja,Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\horse xxx masturbation hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\japanese beastiality horse hot (!) hole mature (Liz).zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse licking feet bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\PLA\Templates\swedish beastiality fucking [free] leather (Anniston,Tatjana).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\chinese hardcore hot (!) titts hotel .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian horse hardcore girls shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\italian gang bang xxx [bangbus] granny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\swedish nude fucking public young (Kathrin,Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fucking uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\norwegian horse hot (!) black hairunshaved .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\japanese gang bang xxx full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\xxx [bangbus] cock ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\danish cumshot sperm several models redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\american horse horse full movie wifey .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\cumshot sperm [milf] titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\japanese animal bukkake catfight young (Gina,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore licking glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\beastiality fucking licking 40+ .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\norwegian hardcore public bondage .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\british gay [free] black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\animal blowjob catfight .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\danish animal blowjob hidden hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe
"C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe"
C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe
"C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe"
C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe
"C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 122.245.178.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.221.111.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.80.148.191.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.211.40.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.118.159.235.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.78.230.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.141.107.113.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.120.146.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.237.151.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.253.185.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.30.198.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.235.231.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.108.147.242.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.207.150.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.20.218.119.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.54.222.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.56.2.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.144.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.57.243.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.232.250.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.149.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.166.140.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.52.48.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.32.40.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.58.50.115.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.54.206.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.99.203.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.13.109.238.in-addr.arpa | udp |
Files
memory/1244-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\american action horse hidden swallow .avi.exe
| MD5 | 8ccfa239a8694c5ca64851bffcaecb5d |
| SHA1 | a852c43de00ce1552748431ff9a0ee5351c1e660 |
| SHA256 | b28b155ed4e317eb3262ffe9ca23fc982641b7adb9cfb0dbf22eec7ee7dd554c |
| SHA512 | 21c038132b2fb061ff76fc67c5848672f9dfda41c2472a3a4b5a85123d947521dd7ad63404fa47ffee1ba3a88121fc569c805c5c1c204905662c82ef85e42067 |
memory/2112-65-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2112-88-0x0000000004F10000-0x0000000004F30000-memory.dmp
memory/292-89-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-93-0x0000000000400000-0x0000000000420000-memory.dmp
memory/292-103-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-104-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-105-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-108-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-111-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-114-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-119-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-122-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-125-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-128-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-131-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-134-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-137-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-140-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1244-143-0x0000000000400000-0x0000000000420000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:23
Reported
2024-04-07 20:25
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\FxsTmp\indian xxx lesbian several models hairy .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia gay gang bang catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\tyrkish cum hardcore big vagina .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian horse lesbian hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian lesbian lesbian glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\russian kicking blowjob girls bondage .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\bukkake big .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\animal bukkake catfight vagina 40+ (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\russian porn public (Sonja,Kathrin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian blowjob animal public .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\american cum hot (!) vagina (Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\russian lingerie voyeur .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish action big swallow (Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\malaysia handjob hidden 50+ .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\american blowjob voyeur feet (Anniston).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\russian xxx masturbation titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\spanish horse cumshot [free] 50+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\dotnet\shared\german animal big cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\norwegian lingerie handjob hidden titts blondie .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\italian porn cumshot catfight femdom .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\brasilian action hardcore big hole swallow .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian beastiality nude hidden ash ash (Tatjana,Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\malaysia blowjob full movie feet circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish cum lesbian titts latex .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\action handjob licking mistress .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\american trambling action sleeping .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\spanish cumshot animal uncut feet bondage .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beastiality gay girls wifey .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\cumshot kicking big .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\hardcore full movie .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\trambling gay several models swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\russian handjob lesbian vagina leather (Sandy,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\swedish gay cumshot lesbian .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\action sperm several models nipples .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\italian cum trambling lesbian hole shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\horse voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beast gang bang sleeping beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\black beastiality big glans boots .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\bukkake kicking catfight titts ash (Sonja,Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\brasilian cumshot lesbian nipples bedroom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\black hardcore [milf] fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\french fetish handjob voyeur legs femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\danish beast big bondage (Melissa,Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\lesbian masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\american cum lesbian [free] shower .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\lingerie [free] boots .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\british beast uncut bedroom (Sonja,Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\lingerie masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\canadian beast girls redhair .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\russian horse xxx uncut ash .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\canadian cumshot sleeping pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\indian beast animal public stockings .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\american trambling lesbian (Jade,Britney).rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\american blowjob fetish licking titts shoes .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\brasilian sperm sleeping legs .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\fetish big redhair (Sonja).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\chinese beast catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\canadian fetish sperm girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\animal horse hidden feet leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\black cumshot masturbation .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\danish sperm cumshot girls ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\japanese beastiality [milf] sweet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\african horse fetish sleeping latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\horse [milf] girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\bukkake trambling catfight .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\norwegian cumshot voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\PLA\Templates\brasilian porn public stockings .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\security\templates\animal hot (!) hairy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\xxx hardcore masturbation shoes .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\beast lesbian several models swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gang bang hot (!) redhair (Sonja).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\norwegian fetish action catfight .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\american nude voyeur feet balls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\bukkake several models beautyfull (Kathrin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\german porn girls glans hairy .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\fetish lingerie masturbation hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\lingerie lesbian ash .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\african trambling catfight (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\action uncut titts ejaculation .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\fetish girls lady (Karin,Anniston).rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\beast horse licking vagina leather .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\swedish beast lingerie masturbation hairy (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\nude beastiality full movie 40+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\blowjob action [milf] cock circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\swedish kicking bukkake [milf] wifey (Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\japanese blowjob beast [free] (Gina).avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\beastiality lesbian public legs beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\porn gang bang hot (!) high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\japanese fucking animal voyeur ash black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\indian gay licking girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\indian action bukkake several models (Sarah,Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\gay trambling voyeur traffic .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\cumshot girls nipples shoes .avi.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\asian lesbian cumshot sleeping high heels .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
| File created | C:\Windows\assembly\tmp\italian fucking [free] hairy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe
"C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe"
C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe
"C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe"
C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe
"C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe"
C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe
"C:\Users\Admin\AppData\Local\Temp\3f9d4d1e7bb684a6d391abe02152e320047bf3e7e586a8e0484daa24e230f80b.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 142.250.179.202:443 | tcp | |
| IE | 94.245.104.56:443 | tcp | |
| GB | 51.140.242.104:443 | tcp | |
| GB | 51.140.244.186:443 | tcp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.118.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.144.242.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.111.68.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.185.251.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.102.188.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.16.151.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.48.106.247.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.227.96.233.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.139.69.127.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.136.143.248.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.200.166.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.58.106.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.7.121.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.140.219.252.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.255.247.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.78.169.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.248.47.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.200.157.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.78.46.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.236.57.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.186.232.160.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.173.217.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.128.3.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.180.211.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.55.165.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 218.49.113.60.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.35.77.59.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.65.44.133.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.160.250.236.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.236.216.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.66.156.175.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.104.141.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.73.245.214.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.101.26.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.209.150.29.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.201.29.249.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.165.209.220.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.208.201.223.in-addr.arpa | udp |
Files
memory/116-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish action big swallow (Tatjana).mpg.exe
| MD5 | 9984c719c31b7cf460deebd33e6bd24e |
| SHA1 | 0ca62c4f8acd647c1adfafec2e189cee8df9486b |
| SHA256 | fb48dce5550b4a6d417e2e8945b030345a6d8e622cdad7798ae06fdc3fad81f0 |
| SHA512 | d06c35c0a7fb7bb149cf603b90a25f0ecdd62a1f5ff312177f191c7513db29eb2e3ee81c760580fb930eb8c30e94b674fbb2780fca8faf9e130d52c93c3caadd |
memory/3008-11-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1208-32-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-146-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3008-174-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1208-185-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3168-186-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-187-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-188-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-192-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-196-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-201-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-207-0x0000000000400000-0x0000000000420000-memory.dmp
C:\debug.txt
| MD5 | 5330a6b0e3b6957cb6c6882d6a9dd584 |
| SHA1 | d48cbc615aad1d1bb7b99ac61707af6c7a93a3ad |
| SHA256 | 1e641a00e5ce771139b0078c16b4e4d98eea15e66dccb75a6099fc40cdf4cb6e |
| SHA512 | 854dab6fd5b7eeed628535b8b94957a0fb539ceb0b97a51b7a4daa2e4510900cb252c020c632772ce723deeee939bef1d6446e5dd609b39145c090e97f5c3aa4 |
memory/116-221-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-226-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-230-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-234-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-238-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-242-0x0000000000400000-0x0000000000420000-memory.dmp
memory/116-246-0x0000000000400000-0x0000000000420000-memory.dmp