Analysis Overview
SHA256
1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40
Threat Level: Known bad
The file 1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:09
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:09
Reported
2024-04-03 19:12
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\tyrkish kicking gay public blondie .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\horse public .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\beast hidden titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black gang bang hardcore licking .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish action blowjob voyeur (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\russian horse hardcore big .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\horse sleeping hole .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish porn hardcore full movie titts girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay [free] sweet (Sandy,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\blowjob [free] glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\SHARED\xxx [milf] hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\japanese horse trambling [milf] cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\american horse trambling [bangbus] hairy .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\tyrkish fetish lingerie big titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\gay licking feet swallow (Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\indian beastiality beast [milf] cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\hardcore voyeur latex .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\xxx several models castration .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish cumshot trambling several models feet mature .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\tyrkish kicking sperm hot (!) ΋ .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\black horse lesbian catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\indian fetish lesbian [milf] sm (Ashley,Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Updates\Download\fucking catfight feet wifey .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian animal gay lesbian feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU5927.tmp\japanese handjob hardcore uncut feet .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\dotnet\shared\tyrkish gang bang lingerie uncut girly .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\gay licking cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian nude gay girls castration .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\horse hidden hole hairy .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian lesbian big hairy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american action trambling uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\chinese beast voyeur balls (Sonja,Curtney).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian action bukkake full movie cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\british fucking licking hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\blowjob [free] (Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\beast lesbian mature .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lingerie public bondage .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\german hardcore hidden feet 40+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\russian gang bang bukkake hidden titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\japanese handjob gay hot (!) fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\action sperm [free] hole lady (Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\fucking public hotel .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish handjob horse sleeping glans .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\spanish sperm sleeping .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\nude fucking uncut gorgeoushorny .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\norwegian lesbian licking girly (Sandy,Samantha).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\horse fucking [bangbus] cock leather (Melissa).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\german horse sleeping (Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\spanish bukkake [free] feet (Kathrin,Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\chinese sperm voyeur beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\tyrkish horse beast voyeur .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black action horse [bangbus] hotel .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\brasilian gang bang fucking big titts pregnant (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\lesbian full movie boots (Sonja,Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\american cum xxx [milf] glans 50+ .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\canadian lesbian hidden glans (Britney,Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\xxx [milf] shower .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\gay lesbian cock 50+ (Jade).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\french gay sleeping pregnant .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\action blowjob [bangbus] .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\sperm hot (!) feet .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\asian sperm voyeur hole black hairunshaved .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\tmp\brasilian handjob lesbian hidden fishy .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\tyrkish horse sperm hot (!) (Karin).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\chinese sperm several models mistress .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\malaysia sperm [free] castration .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\kicking hardcore several models YEâPSè& .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\malaysia blowjob sleeping cock .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\spanish trambling masturbation feet Ôï (Sarah).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\british sperm full movie glans girly .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\kicking blowjob lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\xxx [free] cock stockings (Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\swedish action beast voyeur .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\french xxx full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\blowjob uncut .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian nude gay licking titts sweet (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\french blowjob [milf] hole upskirt .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\spanish hardcore public hairy .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\german lesbian big sm (Britney,Sarah).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\african lesbian lesbian shower .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\blowjob several models traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\lesbian lesbian .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\asian horse girls .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\danish porn xxx [bangbus] sweet (Sandy,Liz).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\american horse sperm [bangbus] glans bedroom (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\spanish sperm [free] sm .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\canadian blowjob girls beautyfull (Sonja,Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\gay uncut sweet (Britney,Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\german lingerie catfight .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\brasilian horse horse hidden wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\british horse public femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\french horse lesbian .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black porn xxx big hole boots (Jade).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\brasilian handjob trambling [free] feet Ôï .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe
"C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe"
C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe
"C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe"
C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe
"C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe"
C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe
"C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 227.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.122.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.102.69.181.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.183.198.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.114.27.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.28.157.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.49.130.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.86.6.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.9.185.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.51.46.12.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.10.105.9.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.225.53.112.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.55.33.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.200.1.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.255.216.105.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.29.55.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.231.144.17.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.195.118.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.34.149.251.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.150.44.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.132.117.227.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.12.190.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.172.42.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.71.43.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.168.11.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.167.199.250.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.212.35.32.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.227.37.196.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.67.46.255.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.43.220.224.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.255.170.244.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.252.13.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.163.33.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.53.140.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.17.178.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.189.219.109.in-addr.arpa | udp |
Files
memory/4928-0-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian nude gay girls castration .avi.exe
| MD5 | 433c2bfdfb237b295604645ab2ce9359 |
| SHA1 | b70f92f93dc0986fab5e69029d7b9277c2c45bcd |
| SHA256 | 694ef6e60931acdfe7c332bf5f269cd9e3738d37a4f410cf940ba82cfe2f3ff6 |
| SHA512 | c5ae12ca137cb8aad7a17afda875c34960b5eeacbd40e4191673fd2bdd0e8d3093cb0bd034836a9a7ae9dbbc8b08bba86e6f1f8d352e136782a858f23bec84fc |
memory/4204-10-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4048-12-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1608-13-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4928-193-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4204-195-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4048-199-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1608-201-0x0000000000400000-0x0000000000421000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:09
Reported
2024-04-03 19:12
Platform
win7-20240221-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian cum lesbian licking feet beautyfull .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\gay [free] beautyfull .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\indian action beast hidden Ôë .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\italian gang bang lesbian big gorgeoushorny .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\FxsTmp\sperm uncut wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\sperm masturbation black hairunshaved (Kathrin,Tatjana).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\System32\LogFiles\Fax\Incoming\russian porn xxx lesbian hole .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\hardcore lesbian hole 50+ .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian gang bang xxx full movie girly .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SysWOW64\IME\shared\indian kicking lingerie [milf] titts .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\black horse horse licking girly (Gina,Liz).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Google\Temp\danish cum xxx [free] .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\swedish cumshot beast lesbian .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\indian beastiality hardcore full movie high heels .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Windows Journal\Templates\italian cumshot blowjob lesbian stockings .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish kicking bukkake catfight titts .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish fetish bukkake licking glans .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\indian porn blowjob voyeur hole sm .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\trambling big (Liz).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\tyrkish porn bukkake full movie wifey .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay [milf] feet young (Curtney).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\black gang bang beast several models redhair .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish nude hardcore full movie (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\sperm catfight feet leather (Tatjana).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian handjob hardcore [free] hotel .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\british blowjob sleeping mistress .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\fucking licking beautyfull .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black porn sperm [free] cock fishy .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\tyrkish cum sperm [free] ejaculation .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\swedish nude xxx [free] (Sarah).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\swedish handjob sperm several models traffic .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\norwegian xxx public .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian horse lingerie [milf] feet traffic .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\canadian beast [free] blondie (Sonja,Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\lesbian catfight (Curtney).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\horse voyeur titts mature (Sylvia).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\japanese gang bang lesbian full movie .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\chinese lingerie hidden pregnant (Jenna,Curtney).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\bukkake [milf] cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\lesbian voyeur young .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\Downloads\indian cumshot fucking licking granny (Christine,Karin).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\african bukkake big femdom .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\xxx [milf] swallow .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\animal trambling big feet (Sandy,Sylvia).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\indian handjob xxx [bangbus] .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\action hardcore several models ejaculation (Gina,Samantha).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\african sperm big feet high heels .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\italian gang bang bukkake masturbation (Sarah).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\russian handjob fucking public (Jade).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\japanese cum trambling catfight circumcision (Sandy,Tatjana).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\cumshot horse [bangbus] hole girly .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\gang bang lesbian lesbian titts .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\action beast uncut .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\security\templates\gay lesbian hairy .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\brasilian cum blowjob [milf] sweet (Sonja,Sylvia).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\brasilian kicking beast masturbation cock fishy .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\italian horse gay big (Curtney).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\norwegian bukkake public glans .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\beastiality beast licking femdom .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\african horse [free] hole .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\spanish sperm big pregnant .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\gay voyeur .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\fetish gay big cock .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\tyrkish fetish bukkake masturbation cock .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\kicking lingerie full movie shoes .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\brasilian fetish gay voyeur (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\italian cum hardcore big feet (Sonja,Karin).avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\fetish trambling voyeur titts femdom .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\malaysia gay licking upskirt .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\british trambling licking titts .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\japanese beastiality horse masturbation hole sm (Melissa).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese fetish blowjob full movie .avi.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian cum lesbian several models feet mature .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\german fucking hot (!) (Samantha).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\danish cumshot gay full movie cock .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\malaysia lingerie [milf] glans castration (Liz).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\lingerie hidden titts .mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\danish fetish xxx masturbation cock upskirt (Sylvia).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\kicking horse licking (Janette).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\Temp\american gang bang fucking full movie titts shoes .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\cum lesbian lesbian glans blondie (Melissa).mpeg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\german lesbian sleeping cock wifey (Janette).rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\nude trambling licking (Karin).zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast masturbation lady .mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lesbian sleeping balls .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\russian animal hardcore [milf] (Melissa).mpg.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\Downloaded Program Files\swedish animal lingerie voyeur feet 40+ .rar.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
| File created | C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\asian lingerie big feet circumcision .zip.exe | C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe
"C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe"
C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe
"C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe"
C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe
"C:\Users\Admin\AppData\Local\Temp\1bea9a2d133def3bd420103c619e8c81eb6d0063218ba76617eaa2d87bbbda40.exe"
Network
Files
memory/2796-0-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish kicking bukkake catfight titts .rar.exe
| MD5 | e3c2c4a4755bddd8af4485395e024dee |
| SHA1 | d993e99ef1402c51fc22bba45c11e8747645b91f |
| SHA256 | 18184e1924e6d24e02da6e528aa73e6ad41eabe593a4e82418273ffeb63ef09c |
| SHA512 | b57e3a448b38df0f0940d1dea5a7f0cb92e2ad6305068b0d5cb0320120b2dc1e08635b12359fc241332a1f98f8e357487c920695f3e804df122af6d3777d9374 |
memory/2796-54-0x0000000005D60000-0x0000000005D81000-memory.dmp
memory/2720-55-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2720-89-0x00000000045B0000-0x00000000045D1000-memory.dmp
memory/764-90-0x0000000000400000-0x0000000000421000-memory.dmp
C:\debug.txt
| MD5 | 71a61490e99e891bbe7449dfde3007ae |
| SHA1 | a08a423cad352c5c873b099798dd44f491cc51c8 |
| SHA256 | 717a6c7e9710ab90b7d8d349c08e7c847d8205cf45bc7002ad13176d26e443d7 |
| SHA512 | 27438107ed6b063fc8945c78f63c8785dd96aecd533a1c62263513f2bd6f22dbece4c869a67b4ea85dd1e0c7630c0f13264a5720441cf8b67cdd981bae3df650 |
memory/2796-106-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2720-109-0x00000000045B0000-0x00000000045D1000-memory.dmp
memory/2796-108-0x0000000005D60000-0x0000000005D81000-memory.dmp
memory/764-111-0x0000000000400000-0x0000000000421000-memory.dmp