quasar | 8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e

Analysis

max time kernel
139s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HoneyPot.exe
Size

3.2MB
MD5

1b1eb2ec84ec46145969c46749dc4063
SHA1

e1a988e15bd7184c9539b6f024ce80ce6b79d95e
SHA256

8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e
SHA512

ccd4ae2047a50772120f59f75dfc9e0ae44af351e3c2871d32c93e32cee0348dc1380d9d2aecae5498608a017f5e8f7ae331ad68cced350dd27eb395525c1142
SSDEEP

49152:dvZ6r25iapTY4PslEsvRnLVd4NovjMpETck/KQoGdITHHB72eh2NT:dvMr25iapTY4PslEsvlLVd4NkjB

Score

10^/10

quasar it was the first day back to school cuttin up in class actin like a tool friends are rollin in we st spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

It was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No touching, that's the rule" Principal walks up on the scene "It's time to announce prom king and queen Your Favorite Martian and Tig 'Ol Bitties Congratulations to you both on winning" Time slowed down and she jumped for joy When out of her dress jumped something more Tissues flew and rained from the sky Oh my god you stuff your shirt!? Your Favorite Martian in a world of hurt Awwww fake 'Ol Bitties Wow! Fake 'Ol Bitties You breakin my heart with Fake 'Ol Bitties You're crushin my dreams with Fake 'Ol Bitties Fake 'Ol Bitties I can't believable it Fake 'Ol Bitties You really suck Fake 'Ol Bitties I can't believe you would do that Fake 'Ol Bitties Fake 'Ol Bitties Why would you do that when you're just trying to get everyone's attention Stuffed boobs! They're lies! Lies I tell you! But you know I'm still down to make out if you If you want to, want to come back with me You know what, never mindIt was the first day Back to school Cuttin up in class Actin like a tool Friends are rollin in We started talkin bout the summer DJ saw Twilight Bummer I spoke up And I asked my friends "Are there any new girls? nines or tens?" Hopin a few hotties Had moved from other cities And in walked this girl With Tig 'Ol Bitties Whoo I can't believe my eyes In a contest they'd win first prize Double D, guarantee I was checkin the size It's like two beach balls in a shirt disguise Or earth and mars Havin some fun Wait I take that back It's like two of the sun But at this point i let my mind run And drifted off thinkin bout them Tig 'Ol Bitties Hah, Tig 'Ol Bitties Mount Fuji brought it's twin Tig 'Ol Bitties Two melons in a shirt Tig 'Ol Bitties Tig 'Ol Bitties I put books in my lap Tig 'Ol Bitties Heads bobbin as she walks Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Kept trippin in class cuz of her dang breasts in a tiny white shirt Boobs havin a fiesta Later in lab We were messin with test tubes Couldn't keep my eyes off the new girls chest Boobs! Wasn't payin attention Got busted Had to serve detention In biology We talked about the bees The best kinda bees Boob-bees Whoo I can't believe my mind I hold a pokerface to her two of a kind With each step Her breasts gettin redefined I'm makin my move I'm thinkin it's time Oh snap I'mma ask her to prom And in my head She responds "you're the bomb" Feelin nervous So I count to three "I like your boobs, go to prom with me?" Hah, Tig 'Ol Bitties King kong boobs Tig 'Ol Bitties Great tracks of land Tig 'Ol Bitties Tig 'Ol Bitties Like my balls Tig 'Ol Bitties Real big Tig 'Ol Bitties Oh my god! Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties Tig 'Ol Bitties She said yes So I'm gettin ready Stain on my shirt Mom's spaghetti I pick her up And I'm pretty sure That she'll let me motor-boat like rrrrrr I try to cop a feel once we get to school She said "No t

idk:4782

Mutex

5c7d6a36-dffc-4ec3-8525-ba9161772945

Attributes

encryption_key
7930C3883BFB3E417BEC9036B64E581CD2465EFE
install_name
Byfron.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Balls
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/5072-1-0x00000000003A0000-0x00000000006D8000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe	family_quasar

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Byfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Byfron.exe

Executes dropped EXE 12 IoCs

Processes:

Byfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exe

pid	process
3592	Byfron.exe
3852	Byfron.exe
924	Byfron.exe
3592	Byfron.exe
1012	Byfron.exe
4872	Byfron.exe
3356	Byfron.exe
2572	Byfron.exe
3676	Byfron.exe
4328	Byfron.exe
4452	Byfron.exe
2448	Byfron.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 13 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

Processes:

schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exe

pid	process
2008	schtasks.exe
5076	schtasks.exe
1048	schtasks.exe
3248	schtasks.exe
3400	schtasks.exe
2568	schtasks.exe
4836	schtasks.exe
3288	schtasks.exe
4056	schtasks.exe
3152	schtasks.exe
1384	schtasks.exe
4836	schtasks.exe
4964	schtasks.exe

Runs ping.exe 1 TTPs 12 IoCs

Remote System Discovery

T1018

Processes:

PING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXEPING.EXE

pid	process
1612	PING.EXE
3380	PING.EXE
2592	PING.EXE
4800	PING.EXE
1044	PING.EXE
1260	PING.EXE
868	PING.EXE
2464	PING.EXE
3636	PING.EXE
3676	PING.EXE
2596	PING.EXE
4748	PING.EXE

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

HoneyPot.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exe

description	pid	process
Token: SeDebugPrivilege	5072	HoneyPot.exe
Token: SeDebugPrivilege	3592	Byfron.exe
Token: SeDebugPrivilege	3852	Byfron.exe
Token: SeDebugPrivilege	924	Byfron.exe
Token: SeDebugPrivilege	3592	Byfron.exe
Token: SeDebugPrivilege	1012	Byfron.exe
Token: SeDebugPrivilege	4872	Byfron.exe
Token: SeDebugPrivilege	3356	Byfron.exe
Token: SeDebugPrivilege	2572	Byfron.exe
Token: SeDebugPrivilege	3676	Byfron.exe
Token: SeDebugPrivilege	4328	Byfron.exe
Token: SeDebugPrivilege	4452	Byfron.exe
Token: SeDebugPrivilege	2448	Byfron.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

Byfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exeByfron.exe

pid	process
3592	Byfron.exe
3852	Byfron.exe
924	Byfron.exe
3592	Byfron.exe
1012	Byfron.exe
4872	Byfron.exe
3356	Byfron.exe
2572	Byfron.exe
3676	Byfron.exe
4328	Byfron.exe
4452	Byfron.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

HoneyPot.exeByfron.execmd.exeByfron.execmd.exeByfron.execmd.exeByfron.execmd.exeByfron.execmd.exeByfron.execmd.exe

description	pid	process	target process
PID 5072 wrote to memory of 4836	5072	HoneyPot.exe	schtasks.exe
PID 5072 wrote to memory of 4836	5072	HoneyPot.exe	schtasks.exe
PID 5072 wrote to memory of 3592	5072	HoneyPot.exe	Byfron.exe
PID 5072 wrote to memory of 3592	5072	HoneyPot.exe	Byfron.exe
PID 3592 wrote to memory of 3288	3592	Byfron.exe	schtasks.exe
PID 3592 wrote to memory of 3288	3592	Byfron.exe	schtasks.exe
PID 3592 wrote to memory of 2576	3592	Byfron.exe	cmd.exe
PID 3592 wrote to memory of 2576	3592	Byfron.exe	cmd.exe
PID 2576 wrote to memory of 2656	2576	cmd.exe	chcp.com
PID 2576 wrote to memory of 2656	2576	cmd.exe	chcp.com
PID 2576 wrote to memory of 868	2576	cmd.exe	PING.EXE
PID 2576 wrote to memory of 868	2576	cmd.exe	PING.EXE
PID 2576 wrote to memory of 3852	2576	cmd.exe	Byfron.exe
PID 2576 wrote to memory of 3852	2576	cmd.exe	Byfron.exe
PID 3852 wrote to memory of 1384	3852	Byfron.exe	schtasks.exe
PID 3852 wrote to memory of 1384	3852	Byfron.exe	schtasks.exe
PID 3852 wrote to memory of 3848	3852	Byfron.exe	cmd.exe
PID 3852 wrote to memory of 3848	3852	Byfron.exe	cmd.exe
PID 3848 wrote to memory of 448	3848	cmd.exe	chcp.com
PID 3848 wrote to memory of 448	3848	cmd.exe	chcp.com
PID 3848 wrote to memory of 2464	3848	cmd.exe	PING.EXE
PID 3848 wrote to memory of 2464	3848	cmd.exe	PING.EXE
PID 3848 wrote to memory of 924	3848	cmd.exe	Byfron.exe
PID 3848 wrote to memory of 924	3848	cmd.exe	Byfron.exe
PID 924 wrote to memory of 4836	924	Byfron.exe	schtasks.exe
PID 924 wrote to memory of 4836	924	Byfron.exe	schtasks.exe
PID 924 wrote to memory of 4568	924	Byfron.exe	cmd.exe
PID 924 wrote to memory of 4568	924	Byfron.exe	cmd.exe
PID 4568 wrote to memory of 2064	4568	cmd.exe	chcp.com
PID 4568 wrote to memory of 2064	4568	cmd.exe	chcp.com
PID 4568 wrote to memory of 3636	4568	cmd.exe	PING.EXE
PID 4568 wrote to memory of 3636	4568	cmd.exe	PING.EXE
PID 4568 wrote to memory of 3592	4568	cmd.exe	Byfron.exe
PID 4568 wrote to memory of 3592	4568	cmd.exe	Byfron.exe
PID 3592 wrote to memory of 3248	3592	Byfron.exe	schtasks.exe
PID 3592 wrote to memory of 3248	3592	Byfron.exe	schtasks.exe
PID 3592 wrote to memory of 3204	3592	Byfron.exe	cmd.exe
PID 3592 wrote to memory of 3204	3592	Byfron.exe	cmd.exe
PID 3204 wrote to memory of 1736	3204	cmd.exe	chcp.com
PID 3204 wrote to memory of 1736	3204	cmd.exe	chcp.com
PID 3204 wrote to memory of 3676	3204	cmd.exe	PING.EXE
PID 3204 wrote to memory of 3676	3204	cmd.exe	PING.EXE
PID 3204 wrote to memory of 1012	3204	cmd.exe	Byfron.exe
PID 3204 wrote to memory of 1012	3204	cmd.exe	Byfron.exe
PID 1012 wrote to memory of 3400	1012	Byfron.exe	schtasks.exe
PID 1012 wrote to memory of 3400	1012	Byfron.exe	schtasks.exe
PID 1012 wrote to memory of 1908	1012	Byfron.exe	cmd.exe
PID 1012 wrote to memory of 1908	1012	Byfron.exe	cmd.exe
PID 1908 wrote to memory of 3944	1908	cmd.exe	chcp.com
PID 1908 wrote to memory of 3944	1908	cmd.exe	chcp.com
PID 1908 wrote to memory of 1612	1908	cmd.exe	PING.EXE
PID 1908 wrote to memory of 1612	1908	cmd.exe	PING.EXE
PID 1908 wrote to memory of 4872	1908	cmd.exe	Byfron.exe
PID 1908 wrote to memory of 4872	1908	cmd.exe	Byfron.exe
PID 4872 wrote to memory of 2568	4872	Byfron.exe	schtasks.exe
PID 4872 wrote to memory of 2568	4872	Byfron.exe	schtasks.exe
PID 4872 wrote to memory of 3492	4872	Byfron.exe	cmd.exe
PID 4872 wrote to memory of 3492	4872	Byfron.exe	cmd.exe
PID 3492 wrote to memory of 2896	3492	cmd.exe	chcp.com
PID 3492 wrote to memory of 2896	3492	cmd.exe	chcp.com
PID 3492 wrote to memory of 2596	3492	cmd.exe	PING.EXE
PID 3492 wrote to memory of 2596	3492	cmd.exe	PING.EXE
PID 3492 wrote to memory of 3356	3492	cmd.exe	Byfron.exe
PID 3492 wrote to memory of 3356	3492	cmd.exe	Byfron.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe
"C:\Users\Admin\AppData\Local\Temp\HoneyPot.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5072

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
2⤵
- Creates scheduled task(s)
PID:4836

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3592

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
3⤵
- Creates scheduled task(s)
PID:3288

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mrvmP3FWI10x.bat" "
3⤵
- Suspicious use of WriteProcessMemory
PID:2576

C:\Windows\system32\chcp.com
chcp 65001
4⤵
PID:2656

C:\Windows\system32\PING.EXE
ping -n 10 localhost
4⤵
- Runs ping.exe
PID:868

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3852

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
5⤵
- Creates scheduled task(s)
PID:1384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OndaTxuaN6Dh.bat" "
5⤵
- Suspicious use of WriteProcessMemory
PID:3848

C:\Windows\system32\chcp.com
chcp 65001
6⤵
PID:448

C:\Windows\system32\PING.EXE
ping -n 10 localhost
6⤵
- Runs ping.exe
PID:2464

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
6⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:924

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
7⤵
- Creates scheduled task(s)
PID:4836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CyuAbMD8nXQ0.bat" "
7⤵
- Suspicious use of WriteProcessMemory
PID:4568

C:\Windows\system32\chcp.com
chcp 65001
8⤵
PID:2064

C:\Windows\system32\PING.EXE
ping -n 10 localhost
8⤵
- Runs ping.exe
PID:3636

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
8⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3592

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
9⤵
- Creates scheduled task(s)
PID:3248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uE6VB3kQAa8N.bat" "
9⤵
- Suspicious use of WriteProcessMemory
PID:3204

C:\Windows\system32\chcp.com
chcp 65001
10⤵
PID:1736

C:\Windows\system32\PING.EXE
ping -n 10 localhost
10⤵
- Runs ping.exe
PID:3676

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
10⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1012

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
11⤵
- Creates scheduled task(s)
PID:3400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8djhvT2O6mkL.bat" "
11⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Windows\system32\chcp.com
chcp 65001
12⤵
PID:3944

C:\Windows\system32\PING.EXE
ping -n 10 localhost
12⤵
- Runs ping.exe
PID:1612

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
12⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4872

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
13⤵
- Creates scheduled task(s)
PID:2568

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1vJSijccAyuH.bat" "
13⤵
- Suspicious use of WriteProcessMemory
PID:3492

C:\Windows\system32\chcp.com
chcp 65001
14⤵
PID:2896

C:\Windows\system32\PING.EXE
ping -n 10 localhost
14⤵
- Runs ping.exe
PID:2596

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
14⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3356

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
15⤵
- Creates scheduled task(s)
PID:2008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eLemipRlX6ZL.bat" "
15⤵
PID:2856

C:\Windows\system32\chcp.com
chcp 65001
16⤵
PID:4528

C:\Windows\system32\PING.EXE
ping -n 10 localhost
16⤵
- Runs ping.exe
PID:4748

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
16⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
17⤵
- Creates scheduled task(s)
PID:4964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rSjwdj5ICVTN.bat" "
17⤵
PID:3288

C:\Windows\system32\chcp.com
chcp 65001
18⤵
PID:3724

C:\Windows\system32\PING.EXE
ping -n 10 localhost
18⤵
- Runs ping.exe
PID:3380

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
18⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3676

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
19⤵
- Creates scheduled task(s)
PID:4056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UXGSlYJ4BAVT.bat" "
19⤵
PID:3108

C:\Windows\system32\chcp.com
chcp 65001
20⤵
PID:3684

C:\Windows\system32\PING.EXE
ping -n 10 localhost
20⤵
- Runs ping.exe
PID:2592

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
20⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4328

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
21⤵
- Creates scheduled task(s)
PID:5076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QNSYKENv3mMp.bat" "
21⤵
PID:2316

C:\Windows\system32\chcp.com
chcp 65001
22⤵
PID:4820

C:\Windows\system32\PING.EXE
ping -n 10 localhost
22⤵
- Runs ping.exe
PID:4800

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
22⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4452

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
23⤵
- Creates scheduled task(s)
PID:1048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Y4EMJuzvwIvb.bat" "
23⤵
PID:2512

C:\Windows\system32\chcp.com
chcp 65001
24⤵
PID:1008

C:\Windows\system32\PING.EXE
ping -n 10 localhost
24⤵
- Runs ping.exe
PID:1044

C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe"
24⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2448

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Balls" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe" /rl HIGHEST /f
25⤵
- Creates scheduled task(s)
PID:3152

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUOpWPPD5zTb.bat" "
25⤵
PID:1672

C:\Windows\system32\chcp.com
chcp 65001
26⤵
PID:1296

C:\Windows\system32\PING.EXE
ping -n 10 localhost
26⤵
- Runs ping.exe
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4320,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1416 /prefetch:8
1⤵
PID:4536

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Byfron.exe.log
Filesize
2KB

MD5
8f0271a63446aef01cf2bfc7b7c7976b

SHA1
b70dad968e1dda14b55ad361b7fd4ef9ab6c06d7

SHA256
da740d78ae00b72cb3710d1a1256dc6431550965d20afaa65e5d5860a4748e8c

SHA512
78a403c69f1284b7dd41527019f3eede3512a5e4d439d846eca83557b741ca37bcf56c412f3e577b9dd4cfa5a6d6210961215f14cb271b143f6eb94f69389cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\1vJSijccAyuH.bat
Filesize
207B

MD5
2ca9e6ff8a745a8dde189d3f5dfa3c37

SHA1
f9950fff3f67435e60edabd7c18799464cf6ad44

SHA256
7103012d7d92f963a11e1ed96b209060c5ef3f964a602cf1bce291cd5dd51735

SHA512
a792f2baf1559a23301316cc3231003fcc44cd6c3c21fdd2385db44d654faff6c1f717b67daedb4eb26e21a9d7513ec1d81afd27f3ed5433830b2c828a1f3809

Download Submit
C:\Users\Admin\AppData\Local\Temp\8djhvT2O6mkL.bat
Filesize
207B

MD5
0f208eff95f164ef3734899441e4592b

SHA1
22de1def50af68c45052532a50cdafc78ec68a65

SHA256
c1ce875290bb4b89f54bb9f0338cd36d37eb8df05902c3fcc65896070f1e369c

SHA512
436b01b448a898b6697824e905abfe237e70e41c810880fc59a3296e427c0282b663f0f4bea4dcfdddf68ad296a2c86e720efee9080852040a447eda3e235491

Download Submit
C:\Users\Admin\AppData\Local\Temp\CyuAbMD8nXQ0.bat
Filesize
207B

MD5
3c7b78b1da361c75ed663ad0d6defbcb

SHA1
2782cbf70012ae881f5bde55d01d89a1ae52e3e3

SHA256
81ced8f8e2a356f26874957bbb92a7e7a0318ca0da7e1d628fe598922a145223

SHA512
60540ad815a6d9819d28e8402efbde5a51ff09ae6035d139f89c94611e6104ca6fc4f3f62174e23541221868f381cbb8cbf22d6856f7a10ad83ef8554fd29b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\KUOpWPPD5zTb.bat
Filesize
207B

MD5
1007b6ca6c688635466c27890fc20700

SHA1
e7b2e4dbb08925fb2c4b558d399590373d93f489

SHA256
184174e20ecc6d7c30a336ed3c39e3f30f96a4d73cef21a229bdcace54dd8cb7

SHA512
8033d771291b3348f8cd7ae34ebf44bc2594be925c83d667bf7adb6e7061a184a744436914f824f7d377271952ac0f6077f3aa7034d5c4c06b5f60ccbcc109ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\OndaTxuaN6Dh.bat
Filesize
207B

MD5
20aa0d51d64e29fb19582d88ab72adf1

SHA1
b4776bb9f3699d3820f2824408eb0d8ccb2f2ee2

SHA256
99f4f50853d719030e7031c1f72ba8b723d6edc26d6e45d259a0c386b789eb72

SHA512
8256162dbaf7a32e3b7d0838ba395987834ff5983946bdddada1fc7462dda57ee4e1e873575b7cab0857720f179109c143ee8cac5f1505f86a1f0d19a4de6b11

Download Submit
C:\Users\Admin\AppData\Local\Temp\QNSYKENv3mMp.bat
Filesize
207B

MD5
09b8ad8c7046d735e470e890ffaf4ca6

SHA1
8272c8936c268e4f4bb31670607dd2610bc3d257

SHA256
24fc3d87f2022ba1f2995d52047417783b3d4296eedc4bf76134c8a5324cddda

SHA512
f9b0cb326527dbb41bd1235533c562e9e26437bcecb2756860a1caaa83ecfab92be5b0543eae88f8424131e0305b43b5b654d882e1ced0f89d049e76683b1706

Download Submit
C:\Users\Admin\AppData\Local\Temp\UXGSlYJ4BAVT.bat
Filesize
207B

MD5
0b6c726b6af5f27fc1557e1893c2e131

SHA1
53d8f85f3fe7fa88f762788e0f3d1f09b978acd7

SHA256
385ecd571b6fd62aef8ac93ca30367d3528cf5dd0bbe5fcc8d39ffd813adefdb

SHA512
1e1f19d6a11309611f13ea8382fa501ee01ea36d3e093c48dee984fbea5ba3391ce42300a27d31e58abc8191ade44941b994b22541e4217570dad47e565464a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Y4EMJuzvwIvb.bat
Filesize
207B

MD5
e8e0bf7904d37c3640ba4e34dbd043ce

SHA1
1b3c91427344151f74c7f52875a2a52f6f3070c1

SHA256
91ccbac3d5d6e0b16329c69f92e4551542ccf675eb99dfd754b6caa6a73d73e2

SHA512
317ba2bd33e612bc91e0191b8d6b10b93c6d92c87dffdf53937252714134e114e137860baa6fc206b2564fc189ba6e7e8b9d3a0c822e354126bfe96ce88166b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\eLemipRlX6ZL.bat
Filesize
207B

MD5
5ef73e18a805480938340ae74217edf8

SHA1
b06537b405aa50358bff11f39de1e3a71f6c7945

SHA256
f1ee8ead1ea62f9504593bcd74a8a7035a2818c11740c444bdc90f03007ee441

SHA512
0cb02e3ee3457836d63059aa61462425c14c2ebea0a3a88d6210f2d23fee3de77fa03c1000f3fbd162e857a249e4073ef78b8ef8556cc85ffa4f55f88214442f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrvmP3FWI10x.bat
Filesize
207B

MD5
45b8b894f9706ce7087da8cf237f2758

SHA1
499e0aae791308487b7340de622bbd4de05373c7

SHA256
9f588692125b200a0e6a5fa3786db239ce368ce69fe89b1d0f20cc1bbdaa5985

SHA512
fd268192182fb6c70708eeccb464976da4a1955fd6673531d83129358cba43c8f4417747032f7557c925c9c33ff0c1d92b7191da7a849f7446f7f775e45b63e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\rSjwdj5ICVTN.bat
Filesize
207B

MD5
706b533ceb548ac0c5fc9f002a9d02e9

SHA1
3e209ca386e934eaebb80abab9d57ce6143344eb

SHA256
85a2ba63bd832720ca1345ddfd57481c8651c2595a978fcf76872052420f6f21

SHA512
ccd00c9088d5db5a41cef38c5006b5ee3fc1d5f6a60704cdf6b01a5d62d7fabfb2b552ca4cada30d852ab9e3e094cd8244381f7096ffefa8d29218ed4bb08deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\uE6VB3kQAa8N.bat
Filesize
207B

MD5
ff4315d9e480288be13d64257ee03e58

SHA1
a62edbf963290ea8691ba5e126faeb70c34ec07a

SHA256
be8ec10cfe2ee03b373958ecc31fd4f5e533c239354b00a384e3884e63fe1504

SHA512
37cfeca359b91e0e77992b48ff7a71df9f62852c741d7d344e57d3972f6b819849c2c5e968372fb6b9aa4dfc7dcd4f75d6eb75bc7a79c3e9eed41020b50488fd

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Byfron.exe
Filesize
3.2MB

MD5
1b1eb2ec84ec46145969c46749dc4063

SHA1
e1a988e15bd7184c9539b6f024ce80ce6b79d95e

SHA256
8c8a3846e1f9c9aef9566158cbe5c69f26ea1d1167f387bea8ab9a6f8de2b31e

SHA512
ccd4ae2047a50772120f59f75dfc9e0ae44af351e3c2871d32c93e32cee0348dc1380d9d2aecae5498608a017f5e8f7ae331ad68cced350dd27eb395525c1142

Download Submit
memory/3592-18-0x00007FF842860000-0x00007FF843321000-memory.dmp

Filesize
10.8MB

Download
memory/3592-13-0x000000001C3E0000-0x000000001C492000-memory.dmp

Filesize
712KB

Download
memory/3592-12-0x00000000031C0000-0x0000000003210000-memory.dmp

Filesize
320KB

Download
memory/3592-11-0x00007FF842860000-0x00007FF843321000-memory.dmp

Filesize
10.8MB

Download
memory/3592-10-0x00007FF842860000-0x00007FF843321000-memory.dmp

Filesize
10.8MB

Download
memory/5072-0-0x00007FF842863000-0x00007FF842865000-memory.dmp

Filesize
8KB

Download
memory/5072-9-0x00007FF842860000-0x00007FF843321000-memory.dmp

Filesize
10.8MB

Download
memory/5072-2-0x00007FF842860000-0x00007FF843321000-memory.dmp

Filesize
10.8MB

Download
memory/5072-1-0x00000000003A0000-0x00000000006D8000-memory.dmp

Filesize
3.2MB

Download