Malware Analysis Report

2025-08-05 10:00

Sample ID 240403-x6v8ysad5t
Target 243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64
SHA256 243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64
Tags: persistence spyware stealer upx
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:28

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:28

Reported

2024-04-03 19:31

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 224 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
PID 224 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
PID 1148 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

Processes

C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

Network

Country Destination Domain Proto

Files

memory/224-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american beastiality gay hidden fishy .mpeg.exe

MD5 63be618c1304964c87b6c3951ae473d0
SHA1 b71ef70e37c43de8b314622eea6e9e3c0de50700
SHA256 d3e6b40b16a815291e2b95c2777835b28805500037ae927b608f1aab2e4e60ca
SHA512 9f0bd26ebec716bef3fad730113ff719ecadead395a57eed29a5be85c62555edb75420632e8642cb78462e1ff48d33ce6f0087e902d78624390116c588df1ea6

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:28

Reported

2024-04-03 19:31

Platform

win7-20240221-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\russian cum beast [bangbus] cock .rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish porn blowjob hot (!) (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\black kicking fucking hot (!) titts .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese porn hardcore full movie 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\SysWOW64\IME\shared\danish nude bukkake hot (!) YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american nude hardcore masturbation feet sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish fetish lesbian masturbation leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\System32\DriverStore\Temp\american handjob beast masturbation femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\bukkake sleeping (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\SysWOW64\IME\shared\tyrkish cum beast girls hole hairy (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Shared Gadgets\indian animal bukkake [milf] upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\bukkake public 40+ (Jenna,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian gang bang beast hidden stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\beast [bangbus] feet 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files\DVD Maker\Shared\lesbian sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\italian cumshot blowjob lesbian mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\xxx uncut feet (Jenna,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish kicking fucking several models pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\beast [bangbus] cock .rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files\Windows Journal\Templates\japanese action hardcore girls swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Google\Temp\italian cum trambling big (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\swedish cumshot trambling licking sm .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\trambling lesbian pregnant (Ashley,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian action beast hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\brasilian cumshot blowjob girls hole hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\norwegian lingerie masturbation hole mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian animal xxx several models (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\fucking lesbian (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\kicking lingerie lesbian black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\black handjob beast big (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\indian nude lingerie masturbation feet .rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese fetish blowjob uncut 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\xxx full movie YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\Downloaded Program Files\bukkake hidden 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\spanish beast hidden glans penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\tyrkish nude trambling voyeur granny (Jenna,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\german horse several models femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\african xxx hidden (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\lesbian catfight pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\trambling hidden titts leather (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian cum lingerie full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\assembly\temp\japanese animal hardcore big cock .avi.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\cumshot lingerie uncut feet (Kathrin,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\nude hardcore [free] YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\american porn gay [bangbus] hole ejaculation (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish kicking xxx licking cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2320 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
PID 3024 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe
PID 2320 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

Processes

C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe

"C:\Users\Admin\AppData\Local\Temp\243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64.exe"

Network

Country Destination Domain Proto

Files

memory/2320-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\indian animal bukkake [milf] upskirt .mpg.exe

MD5 553f80d628e5674524040d702e2550ce
SHA1 7c2e02f2a9c1aeaca3338190c851d1ad5ee7a6ab
SHA256 1a7e68a7d754ab8a56f231e8f5dc840f6fee98e4b8a87e92d147ec4dada256ea
SHA512 3dce8ac05fbee88267d7fe23ab83bcf3abe7f295a90de8eb802f3954a9d509b02a95712a85c07818d1ca32731c4a5c0da18981b71fa4686db2e2695eb2e50a19
