Analysis Overview
SHA256
c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac
Threat Level: Known bad
The file c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 01:20
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 01:20
Reported
2024-04-08 01:23
Platform
win7-20240221-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe
"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"
Network
Files
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\blowjob big (Tatjana).avi.exe
| MD5 | f94a8de47fb16915655fa7471ec594b7 |
| SHA1 | 701e59e8b6a1db75c5cae8b5092d84b9ae48f8c6 |
| SHA256 | b2a27f4ce87adbd876cedd47d2926f8193575185bcd1393f027c26a2c1c08e52 |
| SHA512 | 111c40f708e87e13b857fdf72da5636a81d1462a1f59e4fe3747229588426d7970344ca4341e041d4c9db311b8975f3ad0bc099875dab9d7c855a0bbabf3fbd9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 01:20
Reported
2024-04-08 01:23
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe
"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"
Network
Files
memory/1100-0-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\porn gang bang big ash .zip.exe
| MD5 | 2e54ca0e6c106d637a69c43c27d6770e |
| SHA1 | 3450b98e4f3696436eed803778e8848b234f48d3 |
| SHA256 | a585522be5c98f0870651fa9320761dbf8887ece9f09cf4c7d5d9343f161727f |
| SHA512 | a2d674cf0f382d451b5e25e067e4ab71841f278fd27ec282ca158e5f0a86fb07671b4e2b02e972986614fc42321fdb92882b33d0e1de57e4ccd370a8f5785c45 |