Malware Analysis Report

2025-08-05 09:59

Sample ID 240403-xrs52shh6t
Target 1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47
SHA256 1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47

Threat Level: Known bad

The file 1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:05

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:05

Reported

2024-04-03 19:08

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\handjob cumshot full movie stockings (Gina,Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black animal xxx [milf] wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\System32\DriverStore\Temp\asian handjob action [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\swedish horse fetish public fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian sperm hidden stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\gang bang kicking licking beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\IME\shared\russian horse sleeping mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\IME\shared\blowjob catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\cumshot sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese lesbian horse catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\handjob gay hot (!) bedroom (Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\DVD Maker\Shared\french kicking several models .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Windows Journal\Templates\bukkake lesbian shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\gay [bangbus] hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american action big latex (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Google\Temp\african trambling action [free] lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\fetish gang bang lesbian boobs .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\tyrkish fucking [bangbus] (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\sperm full movie ash castration (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american kicking beast catfight black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\asian xxx several models boobs 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american beast voyeur swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\horse catfight boobs (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\african cum lesbian several models boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese fucking several models shower .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\nude cumshot hot (!) girly .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian hardcore lesbian big shower (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\french lingerie cumshot public mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\american lingerie public ìï (Samantha,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SoftwareDistribution\Download\chinese kicking big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\danish gang bang hidden feet lady .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\swedish fucking girls .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\african lesbian sleeping legs mature .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\beast cum public (Karin,Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\spanish trambling hardcore [milf] titts (Samantha,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\horse action hidden legs (Melissa,Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\canadian handjob gay [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\gay full movie pregnant (Sandy,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\kicking fucking [free] glans (Curtney,Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black kicking uncut feet femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\french horse animal catfight feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\beastiality [milf] pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\fetish full movie 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\african porn hardcore full movie cock granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\italian blowjob voyeur feet gorgeoushorny (Liz,Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\action blowjob big girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\beastiality licking balls .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\black sperm girls (Jenna,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\french fucking cum masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\handjob lesbian penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\horse trambling hot (!) glans pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\swedish handjob hot (!) upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\action lesbian mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cumshot horse full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\british gay voyeur glans blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\blowjob hidden feet traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\fucking voyeur vagina (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\italian fetish horse sleeping feet (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish horse [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\Downloaded Program Files\beast hardcore [free] (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\italian fucking hot (!) titts (Curtney,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\porn blowjob [milf] feet pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\action several models .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\british lingerie beast hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\danish lingerie uncut (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\japanese beast [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\spanish porn xxx [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\italian blowjob [milf] 40+ (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\russian beastiality sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\security\templates\american porn lingerie uncut ash .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia porn kicking [free] YEâPSè& (Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\african animal lingerie hidden vagina (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese kicking horse hot (!) latex .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\malaysia kicking public (Sonja,Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\xxx hot (!) boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\indian beastiality cum full movie latex .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\norwegian beast fetish hot (!) 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\beast beast full movie young (Sarah,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\canadian lingerie lesbian vagina (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\beastiality masturbation mature .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\canadian beastiality sperm hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\canadian fucking several models .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\xxx masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\japanese bukkake big fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\italian horse horse [milf] titts mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\indian porn blowjob several models .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\sperm kicking [bangbus] gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\action [free] ash .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\black hardcore public fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2132 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2132 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2132 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2132 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2788 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2788 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2788 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2788 wrote to memory of 2728 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 137.70.23.43.in-addr.arpa udp
US 8.8.8.8:53 207.47.13.70.in-addr.arpa udp
US 8.8.8.8:53 6.252.113.253.in-addr.arpa udp
US 8.8.8.8:53 22.29.247.67.in-addr.arpa udp
US 8.8.8.8:53 64.242.192.30.in-addr.arpa udp
US 8.8.8.8:53 203.23.18.86.in-addr.arpa udp
US 8.8.8.8:53 41.50.68.5.in-addr.arpa udp
US 8.8.8.8:53 51.201.74.9.in-addr.arpa udp
US 8.8.8.8:53 32.227.163.111.in-addr.arpa udp
US 8.8.8.8:53 147.121.101.174.in-addr.arpa udp
US 8.8.8.8:53 36.56.107.57.in-addr.arpa udp
US 8.8.8.8:53 126.18.115.212.in-addr.arpa udp
US 8.8.8.8:53 171.23.14.121.in-addr.arpa udp
US 8.8.8.8:53 80.181.66.185.in-addr.arpa udp
US 8.8.8.8:53 22.19.204.7.in-addr.arpa udp
US 8.8.8.8:53 60.107.191.184.in-addr.arpa udp
US 8.8.8.8:53 205.194.235.213.in-addr.arpa udp
US 8.8.8.8:53 33.147.246.178.in-addr.arpa udp
US 8.8.8.8:53 200.110.177.40.in-addr.arpa udp
US 8.8.8.8:53 153.196.80.27.in-addr.arpa udp
US 8.8.8.8:53 19.188.179.159.in-addr.arpa udp
US 8.8.8.8:53 38.87.201.34.in-addr.arpa udp
US 8.8.8.8:53 253.178.193.248.in-addr.arpa udp
US 8.8.8.8:53 195.197.81.168.in-addr.arpa udp
US 8.8.8.8:53 156.3.25.245.in-addr.arpa udp
US 8.8.8.8:53 233.168.223.185.in-addr.arpa udp

Files

memory/2132-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\asian xxx several models boobs 40+ .mpeg.exe

MD5 7806f4ab7dc717fde2eedea1cb8ecbba
SHA1 165209eb4028c93accbe627e5c84503401edcf2f
SHA256 d451641a4fef71ddccfe10c791201dfa890a558086b1b41ffef8d1b8a6a36cab
SHA512 a65ab3599f83c3daf8d75aa76ab028ec201c238f772b7dc9f686bb80847c2b2801c24bda8450bfe4b8e6bdddce82de190075bf7e483dc701303b790cda09cd4f

memory/2132-51-0x0000000004A50000-0x0000000004A6E000-memory.dmp

memory/2788-52-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2788-87-0x00000000045C0000-0x00000000045DE000-memory.dmp

memory/2728-88-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-90-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2788-91-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2728-94-0x0000000000400000-0x000000000041E000-memory.dmp

C:\debug.txt

MD5 7ce5931cf33c91ee8e59d9c7cda39d08
SHA1 77d5770793ad426ecbccc3859bba8b34e9ed819e
SHA256 0f150abaaafd0c67c692ea1bfafb756a436f10c0809a18c86f87ef75bbafa77d
SHA512 1d078cb9c87bc36b6f8ffe56e4c0cf1de0e8a9e6d340a0030e162c86a163c116f5503f696c1640f71e23c0ab802adadf0c6a931ca6b4528e4a29b9dcd4e7931d

memory/2132-103-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-106-0x0000000004A50000-0x0000000004A6E000-memory.dmp

memory/2788-107-0x00000000045C0000-0x00000000045DE000-memory.dmp

memory/2132-108-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-111-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-114-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-119-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-122-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-125-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-128-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-131-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-134-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-137-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-140-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2132-143-0x0000000000400000-0x000000000041E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:05

Reported

2024-04-03 19:08

Platform

win10v2004-20240226-en

Max time kernel

157s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\LogFiles\Fax\Incoming\british trambling kicking big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black trambling lesbian sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\blowjob horse sleeping beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian animal sleeping pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian beast action hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\System32\DriverStore\Temp\gang bang fetish uncut hole sm (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\indian beast hot (!) titts (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\french beastiality [bangbus] fishy (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french trambling uncut (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\german cum big shower (Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\xxx big .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\handjob uncut vagina .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\Microsoft Shared\italian beastiality trambling full movie pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\dotnet\shared\gay sperm [milf] hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie sperm [free] legs pregnant (Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\indian beastiality big circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\xxx porn hidden vagina balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\nude horse voyeur castration (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\spanish action cumshot masturbation ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\norwegian kicking hot (!) cock traffic (Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\german kicking catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lesbian girls black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Google\Temp\danish nude fucking uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie sperm sleeping hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Common Files\microsoft shared\swedish lingerie lesbian ash (Sandy,Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\indian horse catfight glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\black hardcore animal uncut fishy (Anniston,Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\beast cum several models hole mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\swedish beast fetish [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\swedish fucking catfight YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\norwegian gay [free] ejaculation (Kathrin).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\italian handjob [bangbus] vagina circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\lingerie action catfight vagina (Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish lesbian full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\canadian blowjob hot (!) stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\italian action uncut YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\gay [free] ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\french sperm public ash .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\animal uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\bukkake girls penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\tmp\indian gay hidden upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\japanese beastiality nude licking vagina granny (Ashley,Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking [milf] glans wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\gay [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\norwegian horse voyeur pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\spanish nude hot (!) feet ash (Melissa,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\horse [free] cock granny (Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\french lesbian full movie legs .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\bukkake action public (Sylvia,Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\norwegian lingerie cum hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\french beast trambling voyeur castration .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\hardcore cumshot girls vagina mature (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\black nude sleeping penetration (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\malaysia lingerie [free] legs stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\brasilian horse xxx big hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\blowjob gay hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\beastiality nude girls upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\fucking full movie pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\horse licking stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\beastiality hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\malaysia porn horse licking young .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\porn [milf] 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\fetish catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\black kicking girls glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\lingerie sperm several models .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\fucking public .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\chinese sperm xxx [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\trambling action hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\spanish hardcore beast voyeur (Tatjana,Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\nude girls titts .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\spanish gay [milf] glans beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\animal cum hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\chinese handjob lesbian uncut pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\sperm action [milf] (Ashley,Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\japanese handjob lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\french porn sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\bukkake big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\lesbian blowjob voyeur mistress (Christine,Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\nude nude public circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\spanish trambling [milf] nipples shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\beast girls .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black horse lesbian licking glans .rar.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\african lingerie xxx big (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\asian porn hardcore big sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\animal [free] nipples .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\Downloaded Program Files\british gang bang big (Sonja,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\trambling fucking voyeur boobs young .avi.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\kicking blowjob public legs .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\norwegian handjob catfight castration .zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\cum sleeping (Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\spanish lingerie masturbation hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\american beast several models legs shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3332 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 3332 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 3332 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 3332 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 3332 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 3332 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2024 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2024 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe
PID 2024 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe

"C:\Users\Admin\AppData\Local\Temp\1a34253532e6b4a0d3a1072f2576fd93cc0700e2df4f23a79ed5a7588a818b47.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 139.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 0.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 227.97.18.2.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 227.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 241.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

memory/3332-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie sperm [free] legs pregnant (Kathrin).rar.exe

MD5 e9d90e7a9fac03ab037af4944db0e04d
SHA1 8585931a00de9cc1f3deee71cfd30271c3204970
SHA256 6f6798281ec6d54a85bb2a8a52b0fce4dce0f230723e1917f564ec131ccff0dc
SHA512 d452a71b6c139040e804253397a17c368098878f401fdfca483f2f72aab836aaef988e7a9534dd0e28dd7b10fe7f3f33bb35ea33edfbb9fa63d214f07678bd7c

memory/2024-10-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-19-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2024-26-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4528-27-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4348-28-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-29-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-153-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-170-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-174-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-178-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-182-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-188-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-198-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-205-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-224-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3332-228-0x0000000000400000-0x000000000041E000-memory.dmp