Malware Analysis Report

2024-11-30 04:13

Sample ID 240408-beyzwaca5y
Target c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e
SHA256 c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e
Tags persistence spyware stealer upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 01:04

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 01:04

Reported

2024-04-08 01:06

Platform

win7-20240221-en

Max time kernel

151s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2196 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe
PID 2652 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe

"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"

C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe

"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"

C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe

"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"

Network

Country Destination Domain Proto

Files

memory/2196-0-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\beast voyeur glans traffic (Samantha).zip.exe

MD5 03671fcea7df9c3628e0b224e6e087d5
SHA1 2b7145cd5af0d253c7057306ee5f2479f7c57e0d
SHA256 b1d56cb083431a8e1dfa5fa2f019e957fe82d3996133bff0dbb7d1eb776cc1da
SHA512 26d2ad977d0077274941e5e1b32d30fda8b4a943f7191bb6fa0cf92ccb3cff820d6a1a90c89147aeb852f10c1601376e018a58a344f26491d3db1883ecd67955

C:\debug.txt

MD5 c43d77c769eb0077b8baea8661692f7d
SHA1 d1710dd9dafe965ab43014dfa8c4454794bf7efc
SHA256 c68f36a5454cf4e161fe9c56e6bacd52e95dae2c4279ef5e0865ed1bf3c47ebe
SHA512 ff24997f9302759b0cd8fd424869a1f7950976ea681971d2c64f2f07b2b904e74916f0024754062ead7e77df99c541708bcffa8807b9f6b285b2668c72ce7d22

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 01:04

Reported

2024-04-08 01:06

Platform

win10v2004-20240319-en

Max time kernel

150s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\black cumshot lingerie catfight feet beautyfull (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\canadian horse [free] .avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob girls hole ash .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\horse hidden wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\bukkake full movie glans .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\xxx hot (!) hole mature (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\russian handjob horse licking cock latex .avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beast hot (!) castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian cum horse hidden feet castration (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian porn xxx catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\swedish beastiality beast hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian kicking lesbian several models leather .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\italian cumshot lingerie several models boots .rar.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob full movie penetration (Sonja,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\bukkake uncut cock ¼ë .rar.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\lesbian several models .avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american cumshot fucking uncut shower .rar.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese hardcore [milf] granny .avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\japanese kicking trambling catfight beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lesbian licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\dotnet\shared\bukkake hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\sperm voyeur cock sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files (x86)\Google\Temp\blowjob catfight boots .avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\black nude xxx big glans .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\Common Files\microsoft shared\indian cumshot beast [milf] glans mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish cum trambling [bangbus] glans leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\spanish horse catfight (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\russian nude hardcore masturbation glans ash (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\animal gay sleeping (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\british bukkake hidden traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\british hardcore public feet wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\chinese bukkake hot (!) feet upskirt (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\horse trambling public glans .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\american cumshot trambling sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\italian cum gay public femdom .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\brasilian nude gay hot (!) blondie (Gina,Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish beastiality sperm hidden titts sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\action horse [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\danish nude xxx masturbation bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\horse lingerie hidden traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian fucking lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\tyrkish nude horse hot (!) hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\british beast sleeping cock swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\russian beastiality bukkake catfight femdom (Sonja,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\blowjob [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\american action horse catfight wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\malaysia bukkake hot (!) leather .avi.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\russian porn horse sleeping boots (Sonja,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\chinese xxx big titts .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\japanese gang bang fucking [milf] feet ejaculation (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\beastiality bukkake voyeur balls .zip.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\black beastiality beast [milf] gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1972 wrote to memory of 968 N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe
PID 1972 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe
PID 968 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe

"C:\Users\Admin\AppData\Local\Temp\c0c4cb6534f1f534400214060a3d3722b6e3b43deebae20fbc665ec69571118e.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=2260,i,11662483365823245381,11064702639240765741,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

memory/1972-0-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay girls .mpeg.exe

MD5 0f22294037af3cfe46cde04d0f4c852e
SHA1 e031e2a6fedc683297af3e9005f46c2b01e0f2f1
SHA256 7778c2b0eb9c248283d9d39b5eadd84605b5380486445ea3b5b96e7411bd2b4b
SHA512 a41e5a98ac5d6967356cc6c81d3c2a540a9b3d56c7d8a3a4e77b28cd087d957d21e7bec3818382be5e77cd375f0f7b617c31a922a75f94e1a4b609ee8adb1144
