Analysis Overview
SHA256
c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e
Threat Level: Known bad
The file c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Enumerates connected drives
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 01:04
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 01:04
Reported
2024-04-08 01:06
Platform
win7-20240221-en
Max time kernel
151s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe
"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 01:04
Reported
2024-04-08 01:06
Platform
win10v2004-20240319-en
Max time kernel
150s
Max time network
161s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\Temp\black cumshot lingerie catfight feet beautyfull (Jade).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\canadian horse [free] .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob girls hole ash .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\horse hidden wifey .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\bukkake full movie glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse voyeur .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\xxx hot (!) hole mature (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\russian handjob horse licking cock latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beast hot (!) castration .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\italian cum horse hidden feet castration (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian porn xxx catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\swedish beastiality beast hidden .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian kicking lesbian several models leather .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\italian cumshot lingerie several models boots .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay girls .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob full movie penetration (Sonja,Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\bukkake uncut cock ¼ë .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\lesbian several models .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american cumshot fucking uncut shower .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese hardcore [milf] granny .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese kicking trambling catfight beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lesbian licking .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\dotnet\shared\bukkake hidden .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\sperm voyeur cock sweet .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob big .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\blowjob catfight boots .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\black nude xxx big glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\indian cumshot beast [milf] glans mistress .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish cum trambling [bangbus] glans leather .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\spanish horse catfight (Sylvia).zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\russian nude hardcore masturbation glans ash (Tatjana).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\animal gay sleeping (Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\british bukkake hidden traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\british hardcore public feet wifey .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\chinese bukkake hot (!) feet upskirt (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\horse trambling public glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\american cumshot trambling sleeping .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\italian cum gay public femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian nude gay hot (!) blondie (Gina,Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish beastiality sperm hidden titts sweet .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\action horse [bangbus] .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\danish nude xxx masturbation bondage .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\horse lingerie hidden traffic .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian fucking lesbian .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\tyrkish nude horse hot (!) hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\british beast sleeping cock swallow .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\russian beastiality bukkake catfight femdom (Sonja,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\blowjob [free] .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\american action horse catfight wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\malaysia bukkake hot (!) leather .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\russian porn horse sleeping boots (Sonja,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\chinese xxx big titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\japanese gang bang fucking [milf] feet ejaculation (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\beastiality bukkake voyeur balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\black beastiality beast [milf] gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\asian bukkake big leather .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\british trambling hot (!) .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\norwegian bukkake [milf] high heels .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\fetish trambling [milf] hole pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\action bukkake big (Sarah).rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\black cum lesbian [free] girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese horse fucking big (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\action sperm hidden hole YEâPSè& .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\cum sperm girls bondage .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\swedish fetish horse sleeping cock shower (Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\horse [bangbus] titts gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\russian horse beast masturbation hairy .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\gay uncut .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\tyrkish kicking gay [milf] .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\malaysia fucking masturbation .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\black cumshot gay [bangbus] hole (Britney,Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\canadian bukkake full movie feet sm .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\PLA\Templates\xxx catfight upskirt .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\spanish beast hot (!) glans redhair .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\asian blowjob voyeur castration .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\norwegian bukkake uncut glans .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\malaysia gay [bangbus] cock hotel .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\asian beast [bangbus] lady (Sandy,Melissa).rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\bukkake sleeping feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\beast big feet hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\fucking hidden hotel (Sonja,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\spanish fucking [bangbus] traffic .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\trambling girls girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\russian handjob horse [milf] .zip.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\action lesbian hidden feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\japanese horse gay masturbation pregnant (Gina,Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\InputMethod\SHARED\russian gang bang xxx lesbian Ôï .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\american beastiality gay [bangbus] pregnant .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\black nude horse [milf] (Jade).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian action blowjob hot (!) sm (Jenna,Janette).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\canadian lesbian girls upskirt (Anniston,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\asian xxx catfight stockings .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\danish gang bang horse several models hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\animal trambling voyeur shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\gang bang xxx hidden glans Ôï .rar.exe | C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe
"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"
C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe
"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"
C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe
"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"
C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe
"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=2260,i,11662483365823245381,11064702639240765741,262144 --variations-seed-version /prefetch:8
Network
Files
memory/1972-0-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay girls .mpeg.exe
| MD5 | 0f22294037af3cfe46cde04d0f4c852e |
| SHA1 | e031e2a6fedc683297af3e9005f46c2b01e0f2f1 |
| SHA256 | 7778c2b0eb9c248283d9d39b5eadd84605b5380486445ea3b5b96e7411bd2b4b |
| SHA512 | a41e5a98ac5d6967356cc6c81d3c2a540a9b3d56c7d8a3a4e77b28cd087d957d21e7bec3818382be5e77cd375f0f7b617c31a922a75f94e1a4b609ee8adb1144 |