Malware Analysis Report

2025-08-06 00:44

Sample ID 240403-w269zsgh7v
Target 09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358
SHA256 09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Checks computer location settings

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-04-03 18:26

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 18:26

Reported

2024-04-03 18:28

Platform

win7-20240215-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2308 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe
PID 2472 wrote to memory of 1304 N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

Processes

C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

Network

Country Destination Domain Proto

Files

memory/2308-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\british beastiality sleeping ash .zip.exe

MD5 af96a9e69b707cbcde202870a36d2e6f
SHA1 da89ae008e5e60799dc36bde70b94569de29dbab
SHA256 51c7057b76395834ec99edc81d3fd7ee069284b72b66b1141743e9610d7b46e0
SHA512 bd5129634722503dc30310eb1bbc237bc8824e317268f2aa1fc2c8fc5f4cddc9186bb886c7895e7e0adb93f5beaa257dbcd8c581b6d844f8128f7661402732c8


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 18:26

Reported

2024-04-03 18:28

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\italian fetish lingerie public ash .avi.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\horse licking lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\american nude lesbian [bangbus] hole .rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian kicking beast [milf] titts girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\tyrkish nude hardcore full movie feet wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\trambling public mistress (Gina,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\lesbian [bangbus] pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\swedish cum bukkake sleeping titts .avi.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish handjob horse [bangbus] hole (Kathrin,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx hidden cock ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish handjob bukkake licking mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\brasilian cumshot hardcore big mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian action horse hidden cock ash .zip.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\hardcore several models hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish nude blowjob full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american nude lesbian uncut titts castration .avi.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\bukkake several models bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\xxx [milf] titts latex (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files (x86)\Google\Temp\indian cum lingerie big (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\japanese porn beast masturbation ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\gay [free] cock wifey (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\Common Files\microsoft shared\japanese nude trambling masturbation cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob public swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\trambling several models (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\tyrkish action bukkake [free] feet 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish nude lingerie voyeur titts shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\american handjob lingerie hidden redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\xxx full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files\dotnet\shared\lesbian masturbation hole lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese hardcore licking femdom (Sandy,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SoftwareDistribution\Download\italian gang bang blowjob public titts 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\spanish xxx hidden titts stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish beastiality beast hidden glans hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\american fetish lesbian catfight mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\malaysia horse masturbation sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\spanish blowjob licking feet shower .zip.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\gay voyeur YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian nude blowjob lesbian feet ash (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\action xxx public bondage (Sonja,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\french blowjob sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\lingerie [free] cock .zip.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\italian cumshot hardcore licking (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\british beast girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\horse licking shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\horse hot (!) bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\lesbian girls Ôï .zip.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\indian cumshot blowjob hidden 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\horse uncut hole boots .rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\canadian lesbian [bangbus] feet gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\african horse lesbian titts shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\malaysia fucking masturbation (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\animal beast public (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\gang bang horse catfight (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\american kicking xxx girls mature .avi.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\spanish lesbian several models glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\german horse several models swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3048 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe
PID 3048 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe
PID 4364 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

Processes

C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe

"C:\Users\Admin\AppData\Local\Temp\09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358.exe"

Network

Country Destination Domain Proto

Files

memory/3048-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish nude blowjob full movie .mpg.exe

MD5 b357b15a502ee876d4665081685b13df
SHA1 e0f1836adbc43002a98982ceabc453dfd6c68393
SHA256 26f20363d25d6236fc8f48bc883e95edafac48cb86c8dba9a0a1922679c7b89f
SHA512 4d357c62471c7bd3e53dd6887a8d1f0a3f974ff53f41e42f24382c24351044190365bb8362bc896cb27038d072d098d873f86f47ff4e4aa117f55c8a88b362c3
