Analysis Overview
SHA256
be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1
Threat Level: Known bad
The file be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1 was found to be: Known bad.
Malicious Activity Summary
UPX dump on OEP (original entry point)
Detects executables containing possible sandbox analysis VM usernames
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:57
Signatures
UPX dump on OEP (original entry point)
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 00:57
Reported
2024-04-08 01:00
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\mssrv.exe | C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"
C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"
C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"
C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:57
Reported
2024-04-08 01:00
Platform
win7-20240221-en
Max time kernel
150s
Max time network
148s
Command Line
Signatures
Detects executables containing possible sandbox analysis VM usernames
UPX dump on OEP (original entry point)
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" | C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe | N/A |
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"
C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"
C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"
Network
Files