Malware Analysis Report

2025-08-05 09:59

Sample ID 240403-xr79zahh61
Target 1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09
SHA256 1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:06

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:06

Reported

2024-04-03 19:08

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2228 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe
PID 2752 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe

"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"

C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe

"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"

C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe

"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\french kicking hidden mature .avi.exe

MD5 d6edfcf7e4bfa498161bd32b16027e65
SHA1 c48e98774389ae1453e5bece4b39dc24aabdeec5
SHA256 5ae0089b15b8a4cde6fe0493323dff4f2afff798ad575d8231768c3910a5368f
SHA512 51b29ccd2fc705b6625a515656d3d18c56f1259474a0e4c92b89eb757a11696b6220a0f90a14e01c5c355098020642409a6f635170f7b32631288b12e759e061

C:\debug.txt

MD5 3b08522a3c3206c4a4311b1e1776dc8b
SHA1 6115352ae8d47c0e665f16ff9d1423e7a71d9a91
SHA256 22accc3aa9270023e691cd400c10e6269546600f9cb3b1332ed2f8e252581570
SHA512 4ec4c168d352532ba4708f20a03539dc655d76a418d51e4416af8d988b2d01641fd78823f67d919c2fb89228d0e25b6e802975288e08967388354cdc926c655f

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:06

Reported

2024-04-03 19:08

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black nude blowjob girls .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian handjob lesbian several models hole hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\System32\DriverStore\Temp\brasilian kicking blowjob [free] penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\russian action beast voyeur (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian gang bang blowjob big shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\indian kicking sperm uncut boots .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\horse uncut castration .zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie public hole high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\american cum bukkake big (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\beast several models titts shower .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian animal lesbian girls (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\brasilian beastiality gay uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\Microsoft Shared\hardcore licking high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\italian action lesbian [milf] cock .rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\italian cumshot trambling uncut upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\russian animal gay hot (!) beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files (x86)\Google\Temp\fucking licking (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\italian beastiality horse hidden hole traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\blowjob big glans ash (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\italian handjob lesbian hidden balls .zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\black kicking bukkake uncut (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fetish blowjob catfight titts .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black beastiality hardcore big glans .rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beast lesbian (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black cum beast masturbation feet (Jenna,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\dotnet\shared\lesbian [free] cock (Christine,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian nude lesbian hidden hole .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\russian handjob sperm public titts shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish beastiality gay uncut hole balls (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Program Files\Common Files\microsoft shared\japanese porn bukkake lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\horse hot (!) high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\gay girls titts (Christine,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\spanish lesbian licking (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\chinese lingerie catfight pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse [free] ¤ç .zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\cum blowjob licking mistress (Gina,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\cumshot lesbian hot (!) sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\porn beast voyeur glans beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\horse several models ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\handjob lesbian [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\beast [bangbus] glans .zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\indian action sperm uncut mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish cum lingerie girls glans mistress (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\kicking trambling hot (!) cock .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\fetish xxx girls circumcision (Sonja,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\gay sleeping titts .rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\InputMethod\SHARED\black animal blowjob public cock sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\horse horse several models feet sweet (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\chinese lesbian licking hotel (Sandy,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\lingerie full movie mature .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\black fetish xxx [bangbus] hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\japanese kicking trambling licking .rar.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\swedish kicking hardcore licking titts .avi.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\black gang bang fucking masturbation titts hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\african lingerie hidden granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1272 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe
PID 1272 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe
PID 1944 wrote to memory of 4144 N/A C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe

"C:\Users\Admin\AppData\Local\Temp\1a8b2667ecef2f5c8a171705ad1573a2b4db7581ed181331f152c925491eba09.exe"

Network

Country Destination Domain Proto

Files

memory/1272-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black cum beast masturbation feet (Jenna,Sarah).mpg.exe

MD5 12f34df4f2cd5c45b99c5bf9d85df451
SHA1 b4f743b74a2c24bb0f53d22d07fc8804122b6b52
SHA256 40e428408947d8386bc729b82010e40c3685c69dc864e840df1e54a1bea54874
SHA512 6868989e860dd4af39f113073f2102e7e903772290843d109f5fc36f0d3f12f12d605823a7d039598edb766431ea38ff3bfea4cca28c8c2a26b98a4f61706968
