Malware Analysis Report

2025-08-05 10:00

Sample ID 240403-x4lxhaac7t
Target 22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c
SHA256 22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c
Tags upx persistence spyware stealer
Score 10/10

Analysis Overview

score
10/10

SHA256

22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c

Threat Level: Known bad

The file 22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:24

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:24

Reported

2024-04-03 19:27

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2940 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
PID 2556 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe

"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"

C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe

"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"

C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe

"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"

Network

Country Destination Domain Proto

Files

memory/2940-0-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\horse hot (!) hairy .avi.exe

MD5 919fd206a107bf0f4df41afe7e096425
SHA1 f6b4ffcd8fe63040d0e26bcbed4cbb5013783012
SHA256 f1aa0fc3ac86cc41b6903442ce958cc432b48644c01e81f6120e99084e601f1b
SHA512 9814802fe7d74c64ddf5531795c8fc585a9f648d687ef93e505c19a88b9806dcabaa87ea136ba9a3c293d001149a1dc2031c774ef8311b54438e7cb236e2575a

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:24

Reported

2024-04-03 19:27

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\beast [free] hole ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian gay masturbation latex .zip.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\System32\DriverStore\Temp\brasilian hardcore fetish catfight black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\nude handjob several models ash girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\african hardcore gay girls boots .avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american animal beast licking cock (Sonja,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese handjob horse several models mistress (Sandy,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\american beastiality kicking uncut (Jade,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\indian animal beast big .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian nude horse hidden (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\nude kicking voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\sperm public legs shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\swedish lingerie action voyeur hotel (Jenna,Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\canadian horse action big beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\japanese nude several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\animal girls (Tatjana,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish nude bukkake licking blondie (Britney,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\british trambling [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african kicking hardcore licking fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\asian cumshot public shower .rar.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black trambling sleeping hole shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\dotnet\shared\sperm fucking [milf] upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian bukkake handjob uncut blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish horse fucking big black hairunshaved (Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\german nude gay lesbian mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\black lingerie hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files\Common Files\microsoft shared\malaysia fucking fucking uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files (x86)\Google\Temp\action cum full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\spanish hardcore several models (Anniston,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\trambling full movie hole femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\black gay masturbation nipples bedroom (Ashley,Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\french horse xxx sleeping YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\danish porn public penetration (Ashley,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\danish horse masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\porn xxx licking hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\Temp\canadian handjob animal voyeur glans redhair (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british cumshot girls sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\porn big titts fishy (Samantha,Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\canadian cumshot sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\cumshot licking femdom (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\swedish cum lesbian hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\horse uncut glans gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\indian horse licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\lingerie bukkake sleeping balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\gang bang masturbation feet young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\nude bukkake licking fishy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\french blowjob full movie nipples mature .avi.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\norwegian hardcore handjob uncut young (Sonja,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\danish bukkake cumshot hidden ejaculation (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\fucking catfight 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\french horse animal hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\german handjob big wifey (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\cumshot [milf] high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4352 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe
PID 4584 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe

"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"

C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe

"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"

C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe

"C:\Users\Admin\AppData\Local\Temp\22ab4f1b0766feb77f11e4cda513a76251a18527eff97219098dc293690ee37c.exe"

Network

Country Destination Domain Proto

Files

memory/4352-0-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian bukkake handjob uncut blondie .rar.exe

MD5 73b11566ccf1ef5e3351dab403fe4cc3
SHA1 9ab0b7a43ef2fd45a77ff6dfaaa62c5abcdbee7c
SHA256 c6d720d699af9edb9f4be1a799d9d06104b5cfedac88c18f7f154ef76f6979f2
SHA512 9f463d8a5684e921dc86e5dc1e61708c9890c629ed11baeae81d26172f11ae66a49fde95b8269df240620934fc0ec82cd68f86796912c71da7f112d388d83c74