Malware Analysis Report

2024-11-30 04:06

Sample ID 240408-bbb1yabg9z
Target be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1
SHA256 be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1
Tags
persistence spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1

Threat Level: Known bad

The file be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:57

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:57

Reported

2024-04-08 01:00

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1820 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
PID 4904 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
PID 1820 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe

"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"

C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe

"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"

C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe

"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"

C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe

"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"

Network

Country Destination Domain Proto

Files

memory/1820-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\horse gang bang sleeping cock ash .rar.exe

MD5 0eaa6749ef43614a273498701f43af42
SHA1 7eed5287961f3bf6664069aaabcbc03e6250fe1e
SHA256 b30519eb818104dcb587b070cc0d677afaa33060cf42e6023dadb2a7731b1dce
SHA512 e471d014068f42651527fef90b964a9ebb0b2465f9f3e240eef8823d527cb7bdfce5434e7ae5d7a06e7715250b89cfd1f70117d8a3983239a1d645fa5f462937

memory/4904-92-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3844-167-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4992-166-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1820-195-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4904-198-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4992-200-0x0000000000400000-0x000000000041F000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:57

Reported

2024-04-08 01:00

Platform

win7-20240221-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\SysWOW64\IME\shared\british bukkake fetish sleeping hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\lesbian cum [milf] girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\indian beast hardcore uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\SysWOW64\IME\shared\italian fetish handjob masturbation ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\brasilian fucking hot (!) beautyfull (Curtney,Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\System32\DriverStore\Temp\cumshot voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\action xxx lesbian (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian blowjob beast [free] Ôë (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\cumshot animal voyeur blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Temp\lesbian gang bang masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black lesbian kicking big redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\gay beastiality several models .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian animal [milf] YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\french animal bukkake voyeur ìï .avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\american gay full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\gang bang hot (!) boots (Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files\Windows Journal\Templates\xxx licking cock femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\black bukkake girls .zip.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\gay [bangbus] titts castration .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files\DVD Maker\Shared\indian nude [milf] sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\horse public cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\horse lesbian beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\norwegian blowjob lesbian balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\horse gang bang sleeping cock ash .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\danish kicking [bangbus] (Jenna,Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\tyrkish animal nude several models (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\russian hardcore fucking masturbation upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\beastiality sperm sleeping cock ìï (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\british fetish full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american lingerie beastiality public .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\german xxx sperm hot (!) (Sonja,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian lingerie sleeping glans (Sonja,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\Downloaded Program Files\spanish porn [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\chinese handjob full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\chinese lingerie masturbation nipples .avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\Temp\cumshot lingerie [milf] mature .avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\sperm sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\norwegian lingerie action hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\horse catfight titts (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\SoftwareDistribution\Download\german sperm horse full movie (Janette,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\chinese lesbian uncut stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\asian lingerie fucking voyeur femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\sperm beast voyeur blondie (Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\brasilian animal kicking girls .zip.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\spanish sperm lesbian voyeur boobs mature .rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish xxx lesbian shower (Anniston,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\cumshot full movie girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\russian horse fucking masturbation feet fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\handjob nude masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1968 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe
PID 2604 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe

"C:\Users\Admin\AppData\Local\Temp\be0dfd8a9f2d87b840568ca22f43da1e4e1e329f89d19d46743005e2cc89cab1.exe"

Network

Country Destination Domain Proto

Files

memory/1968-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\horse gang bang sleeping cock ash .rar.exe

MD5 0eaa6749ef43614a273498701f43af42
SHA1 7eed5287961f3bf6664069aaabcbc03e6250fe1e
SHA256 b30519eb818104dcb587b070cc0d677afaa33060cf42e6023dadb2a7731b1dce
SHA512 e471d014068f42651527fef90b964a9ebb0b2465f9f3e240eef8823d527cb7bdfce5434e7ae5d7a06e7715250b89cfd1f70117d8a3983239a1d645fa5f462937

memory/1968-63-0x0000000004E20000-0x0000000004E3F000-memory.dmp

memory/2604-64-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2604-87-0x0000000000500000-0x000000000051F000-memory.dmp

memory/880-88-0x0000000000400000-0x000000000041F000-memory.dmp

C:\debug.txt

MD5 1c459b3bbaf3f9154e2d7808a69b76a5
SHA1 c1a377f8e7a3114a23afac4fb9d62d2ed0a322b8
SHA256 389c2987526a671f91bb95936780cff082a962ca216f922d29bec9ab6d8df3d9
SHA512 cbfebdf666835eb891b2d284db6593b4e798d25d23973a86b45ed7f628f0884a7f74a6d3f54ec103d4167408b1bd42c12e2e582b4a1ecadc77de753d4c264c6b

memory/1968-103-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1968-105-0x0000000004E20000-0x0000000004E3F000-memory.dmp

memory/2604-106-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2604-107-0x0000000000500000-0x000000000051F000-memory.dmp

memory/880-109-0x0000000000400000-0x000000000041F000-memory.dmp