1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
Size

555KB
MD5

269f6da393a0a8c20c7470d5ad2fad18
SHA1

e5e73f8ff6e5dd42cd117faef429c1477cf67fc7
SHA256

1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7
SHA512

bf8020f495c41a3fbe51e0fdde3a4ae13b7d13d72ca4ac2bec8dc3f826ddf89dc68d2e3ee76c5c54a09169cd04c85055edde1529c23808ae45910cfe23a08c36
SSDEEP

12288:lXa8sUK3VkdqLuvghCwOM1bBbOV/dVpTRgTEyai1yA+ued1A4LeB7plZx0p:lq87K3CJgowOMVEV/5TRgTByA+uLH7pU

Score

9^/10

persistence spyware stealer

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 14 IoCs

resource	yara_rule
behavioral2/memory/4024-56-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/1440-61-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4656-70-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-106-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4360-107-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-170-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-192-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-196-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-199-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-216-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-221-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-225-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-230-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral2/memory/4024-240-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

UPX dump on OEP (original entry point) 16 IoCs

resource	yara_rule
behavioral2/memory/4024-0-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/files/0x0007000000023228-5.dat	UPX
behavioral2/memory/4024-56-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/1440-61-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4656-70-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-106-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4360-107-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-170-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-192-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-196-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-199-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-216-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-221-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-225-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-230-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral2/memory/4024-240-0x0000000000400000-0x000000000041C000-memory.dmp	UPX

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\N:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\Q:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\R:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\S:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\V:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\E:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\K:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\X:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\Z:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\B:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\H:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\J:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\M:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\O:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\P:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\U:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\W:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\Y:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\A:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\G:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\L:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File opened (read-only)	\??\T:	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\horse lesbian 50+ .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\FxsTmp\animal big ash .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian nude handjob girls circumcision .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\asian bukkake beastiality sleeping stockings .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia beastiality cum licking redhair .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie bukkake uncut glans (Jade).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian horse blowjob catfight wifey (Samantha,Sonja).mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish hardcore masturbation circumcision .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black horse horse catfight .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob licking circumcision .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian horse handjob hot (!) YEâPSè& .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum uncut (Jenna,Ashley).mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\fucking handjob voyeur lady (Karin,Anniston).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\porn kicking [free] hole .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\african cumshot cum lesbian .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\Common Files\microsoft shared\fucking several models femdom (Liz).rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\fucking full movie femdom .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\animal [bangbus] .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish gay animal lesbian stockings .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse catfight legs castration (Sarah,Liz).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\Microsoft Office\root\Templates\black lesbian cum hidden titts blondie .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish cum [milf] .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black fetish [free] .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\trambling public (Melissa,Melissa).mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\italian horse lesbian 40+ .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files (x86)\Microsoft\Temp\handjob beastiality several models .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish fucking horse hot (!) .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\chinese action voyeur cock blondie .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files (x86)\Google\Temp\cumshot licking .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Program Files (x86)\Google\Update\Download\chinese beastiality full movie ¼ë .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\indian horse hidden feet shoes .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\bukkake porn [milf] hole (Anniston).mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\xxx voyeur .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\american gay hot (!) (Melissa,Melissa).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\cum hot (!) feet high heels (Ashley,Curtney).mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\american sperm several models .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\tyrkish cum big hotel .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\cumshot fucking girls lady .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\danish cumshot lesbian upskirt .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\british horse lesbian .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\blowjob hot (!) fishy .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\cumshot lingerie licking glans granny .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\lingerie gay lesbian cock .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\french beastiality big shower (Sylvia).rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\security\templates\horse voyeur wifey (Jenna).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\german trambling action big .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\american xxx lesbian latex .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\black bukkake big vagina shoes (Karin).avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm catfight legs castration (Anniston).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\indian gay [free] .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\tyrkish animal cum uncut boobs ash (Britney,Ashley).avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\french sperm sperm public .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\malaysia handjob uncut gorgeoushorny .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\bukkake public (Ashley,Samantha).mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\fetish blowjob [bangbus] vagina traffic .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\danish hardcore lesbian several models .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\kicking [bangbus] glans .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cumshot voyeur .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\danish beast action lesbian vagina blondie (Melissa,Tatjana).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\spanish horse xxx licking circumcision .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\xxx kicking lesbian nipples .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\norwegian cum action [milf] .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\asian handjob sleeping wifey (Ashley,Liz).mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\chinese porn uncut high heels .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\brasilian nude masturbation .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\InputMethod\SHARED\tyrkish porn porn hot (!) sm .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\porn horse uncut high heels .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\kicking xxx [free] .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\italian kicking trambling hot (!) legs YEâPSè& .mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SoftwareDistribution\Download\black beast [free] gorgeoushorny .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\action porn [milf] .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\lesbian porn masturbation ash ash .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\lingerie sperm [milf] .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\kicking hot (!) wifey (Janette).mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\asian action hardcore catfight titts .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\sperm full movie .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\canadian beastiality [bangbus] YEâPSè& .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\xxx lingerie licking hole sm .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\horse uncut .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\chinese horse lingerie catfight (Sonja,Liz).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\nude catfight (Jade,Sylvia).zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\russian fucking fetish hidden (Ashley).avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\horse catfight .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\indian blowjob cum [milf] titts (Samantha,Sonja).rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\danish fetish licking boobs 50+ .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\tyrkish cum licking .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\fetish hardcore hidden leather .avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\CbsTemp\german bukkake uncut .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\danish porn cumshot girls nipples .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\british action hardcore [milf] cock latex .rar.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\japanese cumshot sperm [milf] (Britney).avi.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\chinese hardcore bukkake voyeur boobs circumcision .mpeg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\lingerie sleeping upskirt (Samantha,Christine).mpg.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\gay gay [bangbus] titts shoes .zip.exe	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4656	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
1440	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 4360	4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	85
PID 4024 wrote to memory of 4360	4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	85
PID 4024 wrote to memory of 4360	4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	85
PID 4024 wrote to memory of 1440	4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	86
PID 4024 wrote to memory of 1440	4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	86
PID 4024 wrote to memory of 1440	4024	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	86
PID 4360 wrote to memory of 4656	4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	87
PID 4360 wrote to memory of 4656	4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	87
PID 4360 wrote to memory of 4656	4360	1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe	87

C:\Users\Admin\AppData\Local\Temp\1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
"C:\Users\Admin\AppData\Local\Temp\1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Users\Admin\AppData\Local\Temp\1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
  "C:\Users\Admin\AppData\Local\Temp\1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4360
- - C:\Users\Admin\AppData\Local\Temp\1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
    "C:\Users\Admin\AppData\Local\Temp\1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4656
- C:\Users\Admin\AppData\Local\Temp\1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe
  "C:\Users\Admin\AppData\Local\Temp\1e9301515c7e2555c71060ca5281ee2cb2c7197f59924a586f27281fea2490f7.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\spanish cum [milf] .avi.exe

Filesize
90KB

MD5
ac0097634101dd0cec2da9a3cb6e0adc

SHA1
3109ebe0a09d1b95dc33a0a8694ed821ec782747

SHA256
729c80b0939c911e30b36e262a617b57fa6ff637ddb37449ca7bbaff26f41cb4

SHA512
ea2e0904a5632b264538de48d9ae45afa3e70e7854bc6efa28511e15a26cc8a20ff1f7840972f2063a802a4ff64e4ae97db8bd47c84fe4bc41a880443f62d291

Download Submit
memory/1440-61-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-106-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-170-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-56-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4024-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4360-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4656-70-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download