Analysis Overview
SHA256
c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523
Threat Level: Known bad
The file c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 01:11
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 01:11
Reported
2024-04-08 01:14
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe
"C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1392 --field-trial-handle=2844,i,5640589924128028832,7963280732661142908,262144 --variations-seed-version /prefetch:8
Network
Files
memory/4572-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay blowjob big leather .avi.exe
| MD5 | 1e3da10c6d5f18a1a23f3b2d494782db |
| SHA1 | c10825d72f4e74cd2cc7ff35b801b2ed3e575f88 |
| SHA256 | 3ed097748381e893a242c0a03642c31438589a879888c07ca08ec4aaeb31d034 |
| SHA512 | a6a780c877c91e6eeabc50bdf543b77534676db9634b3f9645daa82ee5c9f03bf15e428a8aee5b2f186c791a55e79dcc9cf19790c1553852b90142ee457a6529 |
C:\debug.txt
| MD5 | 6039e7cd088207465e02c01cf828a18e |
| SHA1 | 01c0b9320b3715d08aea85287197e15696598cb3 |
| SHA256 | 7e584f07b2b88955a9cd7339d83a8df66e3c0fdc09bd8fa182c2ffaad0f5aba0 |
| SHA512 | 202b524bf2989f0e69323fee93760776bdbfd25b2f14adf8b16fac24993956b7610a5b93db99327385340519c498cd1d9af2a49a0e753d565e12e87b242a87fb |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 01:11
Reported
2024-04-08 01:14
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\horse voyeur (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\italian handjob sperm voyeur hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\tyrkish cumshot trambling sleeping shower (Jenna,Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\japanese beastiality fucking masturbation hole black hairunshaved .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian nude hardcore [free] girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\lesbian [bangbus] (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\indian gang bang hardcore voyeur redhair (Sandy,Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\horse hidden .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian nude xxx voyeur cock bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\xxx catfight feet balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Google\Temp\japanese fetish sperm girls .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian porn fucking lesbian redhair (Christine,Samantha).zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\american horse gay uncut (Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\hardcore licking upskirt .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\fucking voyeur titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian horse blowjob [bangbus] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\swedish kicking horse hot (!) sweet (Christine,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\hardcore licking glans beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\gay [bangbus] wifey .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\black animal trambling masturbation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\indian beastiality hardcore hidden swallow .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\swedish kicking horse catfight hole leather (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian cum sperm lesbian cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\russian porn fucking hidden glans .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\indian cum trambling masturbation cock hotel .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\danish action gay catfight sweet .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\spanish lesbian uncut penetration (Anniston,Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\xxx licking feet penetration (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\indian fetish xxx several models (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\russian action lingerie licking feet ash (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\brasilian fetish blowjob hot (!) high heels (Sandy,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\horse hidden ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\Temp\swedish fetish lesbian public titts shower (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\asian beast full movie (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\italian beastiality trambling uncut .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\hardcore uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hardcore licking feet mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\spanish lingerie hidden pregnant (Anniston,Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\indian action sperm sleeping feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\norwegian lingerie [bangbus] cock femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx catfight shoes .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\brasilian fetish trambling uncut .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish animal sperm public cock black hairunshaved .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\asian lingerie big .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\spanish gay [free] glans YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\hardcore several models lady .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\japanese gang bang horse catfight sm .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\kicking lingerie masturbation hole (Gina,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\InstallTemp\cumshot hardcore hot (!) traffic (Sonja,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\bukkake full movie hole .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\temp\brasilian action blowjob [free] hotel (Anniston,Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\kicking bukkake lesbian ash .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\italian animal lingerie [free] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\japanese animal lesbian several models glans young .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\nude gay big glans hairy (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\xxx girls .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\gang bang lingerie masturbation glans swallow (Janette).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\fucking full movie fishy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\british lesbian masturbation femdom .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\american kicking hardcore hot (!) cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\beast licking glans upskirt .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\hardcore uncut wifey .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\chinese beast hot (!) cock bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\cumshot lingerie hot (!) girly .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\indian action lesbian girls redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\sperm big latex (Anniston,Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\PLA\Templates\swedish cum beast full movie (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\japanese cumshot sperm lesbian feet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\tmp\american cum fucking [bangbus] hole sm .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian gang bang hardcore uncut femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\norwegian hardcore hidden glans castration (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\spanish horse girls pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\italian beastiality gay [free] beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\sperm [bangbus] femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\indian nude lesbian hot (!) (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\gang bang lesbian masturbation cock 40+ .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\gay hot (!) sweet .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\swedish animal fucking sleeping titts (Britney,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\malaysia sperm voyeur hole pregnant (Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\indian cumshot beast public hole hairy .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\american nude fucking catfight cock swallow .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\canadian sperm lesbian circumcision .rar.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\security\templates\danish nude horse several models black hairunshaved .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\blowjob several models cock shower (Janette).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\norwegian trambling lesbian pregnant .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\brasilian animal bukkake uncut hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\asian sperm big hole boots (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe
"C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe"
C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe
"C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe"
C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe
"C:\Users\Admin\AppData\Local\Temp\c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523.exe"
Network
| Country | Destination | Domain | Proto |
Files
memory/856-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\gay [bangbus] wifey .mpeg.exe
| MD5 | b108a40a36c2fb2b7f449e5d0c904112 |
| SHA1 | faa92a831de2441394307f26c61f9f85323786d4 |
| SHA256 | b875292cc4f47e0ebf8870b724ee624075a7a98800b5008bdac414d3b1cac878 |
| SHA512 | 2941aded3596f79882d285f4848d031670e4ade085d527f871ef25eb15c417d19a5ca87f0c44f59c8e2085ab111fb9ebdfae67e4f826402cd1e229263f820758 |
C:\debug.txt
| MD5 | 2f3580057fc3a11fb56d83bf5adca673 |
| SHA1 | cd9a3521dbe6afd4fe8fb0a3af8245ccfb67690a |
| SHA256 | 5e1e06df3353d8b267839ad1aadae335a99b8d9f168607be6f551221ed09d4a7 |
| SHA512 | 75da0d8e27714f2cffd70efc69b2e27c6d5b9b74883892cdfd7fe422084398e9f4e89cc1293d26fe04d843d9239a70b20101eafedaec60daf0963ae184c35d88 |