Analysis Overview
SHA256
abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8
Threat Level: Known bad
The file abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8 was found to be: Known bad.
Malicious Activity Summary
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-14 02:31
Signatures
Detects executables containing possible sandbox analysis VM usernames
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 02:31
Reported
2024-06-14 02:34
Platform
win7-20240611-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"
C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"
C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"
C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"
Network
Files
C:\Program Files\Windows Sidebar\Shared Gadgets\cumshot kicking [milf] mature .mpg.exe
| MD5 | 771ae278e5e9c1c3954dc9956cda2b8a |
| SHA1 | 5cdda0bd26e00cb45037400c2780c25e0f74c7e7 |
| SHA256 | f8b9b7059efa05736be01ca885d9de8b22ade3fe7cd2d8e18c769f3d76d184f9 |
| SHA512 | 1c0f4ca8468b16cc9734d35c54dbcbf05df90b6725276f7e99ac00d7c1c9b4426a21ae4160c2f152799acfd9a8d3cb10cd4b368c0eda9d0a7493d6497fd26eae |
C:\debug.txt
| MD5 | 8182e9ca7e23c921f3ce367c62e19da6 |
| SHA1 | ffab977465f027bbbbda5c51366ddf5043692f34 |
| SHA256 | ffa849edfbc1a0f5edfb1b39bc48ce5307a75348a35299b02424bc4be37ddcd9 |
| SHA512 | 3036445b88f8fe44425f37cc9fe2eee5155a500c9788224d91f99750714788ea60083b47b67e0ee32877b6089bb8517e67fa10b62f3953f5f1e54a9df6f3f790 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 02:31
Reported
2024-06-14 02:33
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"
C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"
C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe
"C:\Users\Admin\AppData\Local\Temp\abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
Files
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish nude beastiality lesbian nipples swallow .rar.exe
| MD5 | e0a00c65d747df927471c2a64afb1217 |
| SHA1 | 3c303100720718e640d0017a0548fc52a6ba6cbe |
| SHA256 | 716f582e481f23dc94495430af6a1936d68ee3c33df1ab5012d2d2706d9587f7 |
| SHA512 | d9d15c617815a6d140822b90bd59f66a2c620c52a41ef621a010871f46642346b826f8796831475d00fc0f4f57979b96a409987e5c649a871467db04d1e64473 |