Malware Analysis Report

2024-11-30 04:08

Sample ID 240408-a8t3cabh44
Target bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b
SHA256 bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b
Tags: upx persistence spyware stealer
Score: 10/10

Analysis Overview

score
10/10

SHA256

bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b

Threat Level: Known bad

The file bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:53

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:53

Reported

2024-04-08 00:56

Platform

win7-20240221-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 612 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe
PID 612 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe
PID 2460 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

Network

Country Destination Domain Proto

Files

memory/612-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\fucking [free] (Karin).avi.exe

MD5 955ab938b74ae0154f197379a11fd0aa
SHA1 023e5d903f87c65573769fd7bee8aa839da28385
SHA256 b84266985cbf035792fa51cb9942e0ef895d47d1ec51156e32941d37a303e444
SHA512 f1e648362ffa79f2896304737550ef54a2f78604fdac6f1024f530bb13e7e89b05e017791394a434f7db41ed19111ef5353c1985b0c79792696c78ad666434a7

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:53

Reported

2024-04-08 00:56

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\lesbian uncut mature (Ashley,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie sleeping cock 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\lesbian girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\System32\DriverStore\Temp\lesbian hidden wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish beastiality beast public feet traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\bukkake licking latex .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\swedish action lesbian licking .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american action lesbian uncut (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\sperm catfight penetration (Christine,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\beast public titts hotel (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\japanese cumshot sperm hidden feet .avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\trambling uncut boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian kicking lingerie [bangbus] beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\italian fetish lesbian big feet hairy (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\Common Files\microsoft shared\gay hidden granny (Christine,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian porn beast [milf] traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\sperm hot (!) titts bondage (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian blowjob [free] hole gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files (x86)\Google\Temp\fucking voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\dotnet\shared\swedish cum blowjob hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\sperm voyeur bedroom .rar.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish cumshot bukkake girls cock mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\gay sleeping girly (Sandy,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian cumshot horse several models YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\lesbian hot (!) pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\black fetish horse voyeur 50+ (Sandy,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american nude sperm [milf] 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish cum lingerie hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\beast full movie mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\italian horse trambling masturbation blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{1FAC69E2-6A78-4418-8957-20DE7094BB95}\EDGEMITMP_86547.tmp\swedish porn gay [bangbus] titts shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\gay voyeur hole YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\german xxx uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\british lingerie [free] (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian horse lingerie masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian cum gay uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\tyrkish nude blowjob full movie ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\swedish action lingerie masturbation pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\african xxx several models hole sm .avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian cum bukkake uncut titts (Sonja,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\indian porn lingerie catfight balls .avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\CbsTemp\swedish horse lesbian licking 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\lesbian full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\hardcore [free] (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\russian gang bang lesbian masturbation granny .zip.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_7636d1cd418015c8\horse horse full movie latex (Ashley,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\action trambling public .avi.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american horse lesbian hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\british trambling [bangbus] cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\trambling voyeur glans hotel (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american fetish fucking hot (!) blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\russian kicking trambling hot (!) cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\chinese lingerie girls hole lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\german beast [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4620 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe
PID 4620 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe
PID 5040 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe

"C:\Users\Admin\AppData\Local\Temp\bbb0ac494add76e7df626f1105fc7fc685f159a7788149956fac9e35119d923b.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

memory/4620-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish cum lingerie hot (!) .mpeg.exe

MD5 2a4d81881185996f0e8569be2f3d764d
SHA1 26259d7f7cf8f9ca511fcceaf72de35d307efd74
SHA256 c01f279fbd3557d39f70c91678401c4caa318bc592f2953d5dc30921a70dc18b
SHA512 993bc67846f1db5a8db9ecba123fa9e52eeec8e4137451d7405f4fc7ac5e20fad1fcb09b5e8c495146a3e26968bd1e76c4c53c9ff1be97c710b138687b03cafb
