Analysis Overview
SHA256
3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757
Threat Level: Known bad
The file 3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
UPX packed file
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:05
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:05
Reported
2024-04-07 20:07
Platform
win7-20240221-en
Max time kernel
151s
Max time network
153s
Command Line
Signatures
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe
"C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:05
Reported
2024-04-07 20:07
Platform
win10v2004-20240226-en
Max time kernel
159s
Max time network
160s
Command Line
Signatures
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish sperm hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\lingerie bukkake voyeur stockings .rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\french kicking hidden (Ashley).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\animal [free] balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american lingerie catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\hardcore [bangbus] circumcision .avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\american hardcore cum public .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\dotnet\shared\african hardcore kicking lesbian .rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\indian horse handjob masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\canadian fetish uncut cock femdom (Christine,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\french porn porn [milf] 50+ (Jenna).avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\cum trambling [bangbus] shoes .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\french fucking hot (!) .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\nude handjob hot (!) cock (Sonja,Sonja).zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\norwegian porn girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia horse hot (!) leather (Anniston).avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish lesbian gang bang sleeping titts redhair (Sandy).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\malaysia lingerie lesbian public cock young .avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\nude gang bang hidden pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\norwegian horse [bangbus] 40+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\sperm gang bang licking feet pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\kicking kicking sleeping feet penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\horse voyeur (Ashley).avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\brasilian porn beastiality lesbian nipples granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\british gang bang beastiality [milf] (Anniston).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\beast bukkake [free] .rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\russian blowjob beast catfight lady .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian animal lesbian pregnant (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\chinese hardcore porn catfight latex (Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\american beastiality hardcore licking girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\italian nude hot (!) glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\lingerie bukkake hidden legs gorgeoushorny (Tatjana,Gina).rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\tyrkish gay cumshot [milf] (Jenna).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\xxx full movie feet Ôï .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian kicking voyeur girly (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\canadian cum uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\brasilian nude girls mistress (Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\japanese gang bang sleeping cock YEâPSè& .avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\fucking uncut swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\bukkake gay several models latex .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\beast hardcore hot (!) .rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\horse public girly .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\gang bang several models latex (Curtney,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\swedish trambling gang bang uncut (Tatjana,Samantha).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\asian animal several models ash latex .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\cum beastiality [free] (Anniston,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\horse fucking girls upskirt .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\brasilian action public .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\chinese blowjob porn sleeping .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\chinese bukkake gang bang catfight (Sarah,Ashley).rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\lesbian lesbian titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\chinese animal kicking public .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\african bukkake handjob girls mistress .rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\german handjob hidden glans (Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\fucking horse hot (!) upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\swedish hardcore voyeur .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\kicking girls (Anniston).zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\bukkake catfight ash (Jenna,Sandy).avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\british gay porn voyeur fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\japanese kicking gay voyeur .avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\african kicking handjob hidden shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\action blowjob sleeping .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\action lesbian [milf] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\brasilian cumshot several models nipples young .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\black cum handjob [free] titts granny .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\horse big black hairunshaved (Curtney,Christine).avi.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\tyrkish fucking fetish full movie nipples circumcision .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\russian xxx full movie traffic .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\american horse lingerie public YEâPSè& .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\porn beastiality [bangbus] vagina upskirt .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\sperm horse uncut hole (Liz,Kathrin).rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\canadian fucking horse big .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\brasilian sperm cum [bangbus] titts lady .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian handjob bukkake catfight nipples (Britney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\security\templates\black lingerie horse [milf] hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\british beastiality lesbian full movie granny (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\lingerie big .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\fucking trambling full movie hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\french kicking lesbian big vagina fishy .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\japanese horse sleeping vagina shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
| File created | C:\Windows\InputMethod\SHARED\animal big boobs (Anniston,Gina).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe
"C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe"
C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe
"C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe"
C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe
"C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe"
C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe
"C:\Users\Admin\AppData\Local\Temp\3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757.exe"
Network
Files
memory/5004-0-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\malaysia horse hot (!) leather (Anniston).avi.exe
| MD5 | f1cbaa8aec71c748e57a9e1ccb110e0f |
| SHA1 | 4371db57e321a0c969993df86d6b5af1d770cc9a |
| SHA256 | e416ebe36e0785b833adbaae6dd55bfe61be3437986f426e3d8a863f4de994c0 |
| SHA512 | ac6940a3aba60e42295d87ad2549c03ee771ff557084b08ef9c9e9ab9808b482b27dd0f9f3c09f07f3ffe30524bfa9eafcc8f16c6b5b95873c61d95d74a3d3da |