Analysis Overview
SHA256
3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381
Threat Level: Known bad
The file 3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 20:10
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 20:10
Reported
2024-04-07 20:13
Platform
win7-20231129-en
Max time kernel
150s
Max time network
145s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\gay girls hole hairy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\american porn sperm girls .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\russian nude lesbian big feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\danish cum sperm licking leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\gay full movie stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\tyrkish action xxx public shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish animal bukkake uncut hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\hardcore [free] boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\russian cum lingerie voyeur (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcore voyeur glans shower (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Windows Journal\Templates\horse hidden feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\swedish beastiality trambling girls glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\lesbian [free] YEâPSè& .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\bukkake big 50+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking hidden feet .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob masturbation leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish nude sperm several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\american fetish sperm [bangbus] cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\italian porn lingerie licking femdom .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay [milf] sweet (Ashley,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\swedish nude hardcore several models glans girly (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\swedish action lesbian uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\swedish handjob bukkake girls YEâPSè& .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\tyrkish gang bang fucking licking hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\bukkake big .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\lesbian full movie boots .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\french blowjob girls feet hairy (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\russian cumshot lesbian [milf] hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\german bukkake public young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\spanish xxx catfight girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black porn beast voyeur hole ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\beast masturbation upskirt (Gina,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\black kicking hardcore public stockings .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\tyrkish kicking hardcore lesbian cock femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\temp\tyrkish porn trambling uncut titts shower .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\danish gang bang lesbian [free] sm .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian gang bang lingerie hot (!) young .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\cum bukkake sleeping feet blondie .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian kicking fucking hot (!) black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\norwegian bukkake [free] shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\xxx hot (!) young (Ashley,Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\gang bang horse masturbation titts hairy (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\swedish gang bang hardcore licking .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\brasilian porn bukkake [bangbus] (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lesbian masturbation mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\swedish fetish sperm voyeur cock penetration .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\swedish horse blowjob sleeping hairy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\chinese horse [bangbus] (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\italian animal lesbian [free] hole .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\lesbian masturbation feet boots .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese nude hardcore lesbian cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\bukkake uncut .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\swedish cumshot gay full movie hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\xxx masturbation titts 50+ (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\norwegian hardcore [free] hole ash (Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\swedish kicking hardcore public hotel .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lingerie sleeping cock beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\canadian fucking licking blondie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\indian porn bukkake masturbation glans hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\french xxx licking hole upskirt (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\black cum blowjob [bangbus] (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\african horse girls titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\indian fetish gay [milf] granny (Jenna,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\danish nude lesbian uncut 40+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\beast voyeur cock 50+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\cum beast voyeur shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\german gay [milf] cock castration (Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\kicking bukkake several models (Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\asian sperm [milf] shoes .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\PLA\Templates\indian gang bang bukkake sleeping (Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\sperm [bangbus] sm .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\german hardcore catfight lady .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\security\templates\japanese animal blowjob big hole blondie (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\beast hidden pregnant .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\beastiality beast several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\italian nude hardcore masturbation cock YEâPSè& (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\swedish beastiality xxx [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\black beastiality horse hidden hole femdom (Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\swedish nude trambling [bangbus] blondie .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\tyrkish fetish bukkake [milf] titts granny .zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\horse gay masturbation cock girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\trambling public .avi.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\spanish xxx uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\malaysia lesbian masturbation (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american horse blowjob girls titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\black cumshot lesbian big titts leather (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\danish cum lingerie big boots .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\porn beast girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe
"C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe"
C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe
"C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe"
C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe
"C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe"
Network
Files
memory/2820-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob masturbation leather .zip.exe
| MD5 | 8611c319c34066286e603798573f7963 |
| SHA1 | ac7325f0dcc091113cbbdff3c8a41f98c8ccc3a5 |
| SHA256 | 960952d464d50da083b45b0f8e1f02b7ddfbeb62da9385303a210f55525d6bb7 |
| SHA512 | b42a98c09734bf3a4bdea81a9805931df60ed842c1c79b454affb34d3d058034b0e9bfb4029644e9fc8c03d693a84f2895be290b4a998ec1aa9cbf64746dc394 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 20:10
Reported
2024-04-07 20:13
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
147s
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe
"C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe"
C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe
"C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe"
C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe
"C:\Users\Admin\AppData\Local\Temp\3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381.exe"
Network
Files
memory/2252-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian nude several models cock (Tatjana).mpeg.exe
| MD5 | d464e83adcf9b8339dac1e8a6f763f68 |
| SHA1 | 0d6330a738d95aafe111529d20be39d9509bb205 |
| SHA256 | 1c7f10b7f315c8aadc215c80e635f20a66e3878a7706a2fe86ba683268f7e0c4 |
| SHA512 | ed3606e732c659952ed2d4304cd2886f93dbc9c1d30f8fb6725585687955ca47dcfbe3a15112bafc9bd5df35ea2beeff763ccc250d85b5675c1acf05026f934a |
memory/3088-49-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2908-158-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2252-191-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3088-193-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2908-196-0x0000000000400000-0x000000000041F000-memory.dmp