Malware Analysis Report

2024-11-30 07:54

Sample ID 240603-gbthwadd5s
Target f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab
SHA256 f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab
Tags
persistence spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab

Threat Level: Known bad

The file f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 05:38

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 05:38

Reported

2024-06-03 05:40

Platform

win7-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2104 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe
PID 1668 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe

Processes

C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe

"C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe"

C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe

"C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe"

C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe

"C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe"

Network

Country Destination Domain Proto

Files

memory/2104-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\trambling several models high heels .rar.exe

MD5 fe9f13b25c98138c9611be86ef1eede1
SHA1 64dfee3832ab6d03bb05db72d2e6451855d16667
SHA256 b35f5959047f5851c9ca49149cd6a172a7a039db8350205056992aaa42927619
SHA512 89dadb3f1590c54a4b7d0d7d8ed42f475b0a8447e62b455fe908b4019b0eb804d21a10b5108f6ea531721ddb689b94fa10ec5f692b87a0a8c973002b750bc5d2

memory/1668-64-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2104-63-0x0000000004810000-0x000000000482E000-memory.dmp

memory/1908-88-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1668-87-0x0000000004A90000-0x0000000004AAE000-memory.dmp

memory/2104-105-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2104-107-0x0000000004810000-0x000000000482E000-memory.dmp

memory/1668-108-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1668-109-0x0000000004A90000-0x0000000004AAE000-memory.dmp

memory/1908-110-0x0000000000400000-0x000000000041E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 05:38

Reported

2024-06-03 05:40

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe"

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\beastiality full movie cock fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\bukkake girls .avi.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\spanish lingerie voyeur pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\swedish animal hot (!) glans boots .avi.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\norwegian blowjob voyeur leather (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black fucking cumshot masturbation mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\System32\DriverStore\Temp\lesbian girls upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\nude uncut nipples beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian trambling [free] cock .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish kicking big legs .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\brasilian bukkake licking glans (Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\norwegian xxx cumshot lesbian wifey (Jade,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\french fucking masturbation mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\danish lingerie [milf] ash pregnant (Anniston,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\african horse girls feet fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse action lesbian YEâPSè& (Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\Common Files\microsoft shared\canadian lesbian uncut feet leather (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\dotnet\shared\gay [milf] ash mature .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\fucking animal catfight vagina mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\african action big lady .avi.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\chinese nude [bangbus] glans .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\nude cum uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\russian trambling girls .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files (x86)\Google\Temp\german cum fucking catfight cock circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\porn sleeping .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian hardcore full movie leather .avi.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\african kicking girls glans (Curtney,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\canadian porn cumshot catfight mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\malaysia horse fetish licking shower .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\chinese sperm [bangbus] boobs boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\lingerie horse hot (!) (Jade,Sonja).mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\action lingerie lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\african sperm hot (!) 40+ (Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\cum licking black hairunshaved (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish xxx lesbian several models .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\tyrkish porn big hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\horse animal [milf] boobs ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\InstallTemp\nude cum [bangbus] cock bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\hardcore big leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\gang bang voyeur legs .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\lesbian public boobs hotel (Sonja,Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\chinese horse [milf] young .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\italian porn cum public blondie (Christine,Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\bukkake [free] (Britney,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\hardcore voyeur (Sonja,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\assembly\tmp\fucking big ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\swedish blowjob horse girls hotel (Kathrin,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\german kicking blowjob [milf] ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\canadian horse fucking sleeping YEâPSè& (Christine,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\cum voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\american fucking voyeur legs shoes (Kathrin,Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\black gang bang [free] pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\malaysia porn catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\swedish sperm beastiality sleeping cock hairy (Ashley,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\beastiality horse sleeping cock mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\indian cum fetish masturbation glans fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\canadian gay [free] boots .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\norwegian fetish [milf] hole (Curtney,Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\porn nude sleeping mistress (Karin,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\canadian cum licking hole bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian hardcore catfight mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\bukkake [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\black blowjob porn voyeur boobs .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\african xxx beast lesbian girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\bukkake handjob catfight 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\japanese hardcore voyeur young .mpg.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\african cumshot big wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4268 wrote to memory of 4552 N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe
PID 4552 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe

Processes

C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe

"C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe"

C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe

"C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe"

C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe

"C:\Users\Admin\AppData\Local\Temp\f6ce4527806a57bf51c4d70befa2a6efd27596e14cc0d5b4e003b9c6aa3873ab.exe"

Network

Country Destination Domain Proto

Files

memory/4268-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\french fucking masturbation mature .mpeg.exe

MD5 4fd5ccfb1ba253a60632106442d68e64
SHA1 045c66d1fa05d109255b173f62e28fe45bc7cb46
SHA256 b00868362fab9c5e7ba13d8a348dfaaa8400e5fb3f6b6f732561b8866cba941d
SHA512 848f6c452e6572fc6a976dff75969da97d28eacd42b54b77929d0c6022bc2bcfa4d448468bf5330d573437850933ab375812e88911491ba13535bbc6b1df5622

memory/4552-34-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3612-156-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4268-189-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4552-191-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3612-192-0x0000000000400000-0x000000000041E000-memory.dmp