Analysis Overview
SHA256: 22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c
Threat Level: Known bad
The file 22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-03 19:24
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-03 19:24
Reported: 2024-04-03 19:27
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"
C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"
C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"
Network
Files
memory/2940-0-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\horse hot (!) hairy .avi.exe
| MD5 | 919fd206a107bf0f4df41afe7e096425 |
| SHA1 | f6b4ffcd8fe63040d0e26bcbed4cbb5013783012 |
| SHA256 | f1aa0fc3ac86cc41b6903442ce958cc432b48644c01e81f6120e99084e601f1b |
| SHA512 | 9814802fe7d74c64ddf5531795c8fc585a9f648d687ef93e505c19a88b9806dcabaa87ea136ba9a3c293d001149a1dc2031c774ef8311b54438e7cb236e2575a |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-03 19:24
Reported: 2024-04-03 19:27
Platform: win10v2004-20240226-en
Max time kernel: 150s
Max time network: 151s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"
C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"
C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"
Network
Files
memory/4352-0-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian bukkake handjob uncut blondie .rar.exe
| MD5 | 73b11566ccf1ef5e3351dab403fe4cc3 |
| SHA1 | 9ab0b7a43ef2fd45a77ff6dfaaa62c5abcdbee7c |
| SHA256 | c6d720d699af9edb9f4be1a799d9d06104b5cfedac88c18f7f154ef76f6979f2 |
| SHA512 | 9f463d8a5684e921dc86e5dc1e61708c9890c629ed11baeae81d26172f11ae66a49fde95b8269df240620934fc0ec82cd68f86796912c71da7f112d388d83c74 |