f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
Size

268KB
MD5

bbc3340f9a97710f3e61748478e8e71f
SHA1

2d2d625853b96838e1e226cb72afaf70be8edb83
SHA256

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5
SHA512

e58413a14d8428f771f0625f28c006c96a71e270557b404aa9a8955d5f403724ebafde3e337f749833f434413abfc357d9683cd3c639773efa08e9a125cb5679
SSDEEP

6144:dXC4vgmhbIxs3NBRdMCmAvl7hCLYCaoHB3RehIuvynXyLqEwK6/eHL:dXCNi9BwNI/UBBL7ymLJc

Score

9^/10

persistence spyware stealer

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

Processes:

resource yara_rule

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian porn licking (Karin).avi.exe INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

resource	yara_rule
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian porn licking (Karin).avi.exe	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exef4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

description	ioc	process
File opened (read-only)	\??\M:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\P:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\U:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\V:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\E:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\G:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\K:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\L:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\Z:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\T:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\X:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\B:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\I:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\N:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\R:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\A:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\O:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\S:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\Y:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\H:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\J:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\Q:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File opened (read-only)	\??\W:	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

Drops file in System32 directory 12 IoCs

Processes:

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\spanish handjob beastiality sleeping (Britney,Curtney).avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian nude cum [milf] vagina black hairunshaved .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\kicking hidden 50+ .mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american horse uncut girly .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish porn fetish public sweet .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\IME\SHARED\porn masturbation .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\british gay hot (!) .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\FxsTmp\beastiality beastiality [free] granny .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\IME\SHARED\german beastiality big ash 50+ .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\System32\DriverStore\Temp\russian action lingerie masturbation nipples circumcision .mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian animal masturbation glans .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black blowjob kicking [milf] legs .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

Drops file in Program Files directory 19 IoCs

Processes:

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\tyrkish fetish sperm full movie .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish beast hardcore girls upskirt (Anniston).zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\asian kicking fetish [bangbus] .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\hardcore lesbian titts mature .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\Common Files\microsoft shared\american nude beast lesbian 50+ .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian porn licking (Karin).avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian beast lesbian boots .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fetish sperm hidden .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\russian cum lesbian girls .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Google\Temp\italian fetish cum [milf] black hairunshaved .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\action hot (!) gorgeoushorny .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast sleeping castration .mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake fucking girls .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files\Microsoft Office\root\Templates\action public (Karin,Ashley).rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\handjob animal hidden boobs .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\malaysia action [bangbus] fishy .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\gay [milf] black hairunshaved (Kathrin,Anniston).zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{F0237BE9-D6E4-4703-93AC-27360BF5E970}\EDGEMITMP_1D2FD.tmp\hardcore gang bang lesbian redhair (Sarah).mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Program Files (x86)\Microsoft\Temp\american porn cum uncut castration .mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

Drops file in Windows directory 64 IoCs

Processes:

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

description	ioc	process
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\african nude handjob [free] .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\Downloaded Program Files\animal blowjob several models (Britney).avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\asian gang bang lingerie hot (!) swallow .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\malaysia animal uncut fishy .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\kicking horse voyeur Ôï .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\animal sleeping (Sonja).mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\chinese horse lingerie licking .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black fucking lingerie [free] .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\british animal handjob public latex (Britney,Melissa).mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\nude nude [free] .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\horse xxx [free] bedroom .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\tyrkish cum girls .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\black fucking hot (!) vagina ejaculation .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\tyrkish animal voyeur circumcision (Anniston,Sylvia).avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\norwegian beast fucking sleeping legs granny (Christine,Sonja).avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\russian lingerie public glans .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\japanese kicking licking 50+ .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\spanish blowjob big balls (Karin,Sonja).rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\trambling [free] nipples black hairunshaved .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\danish nude horse [bangbus] traffic .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\asian horse gay lesbian .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\porn [milf] hairy .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\gay girls .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\nude several models black hairunshaved .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\german kicking bukkake big (Sandy,Anniston).mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\american gay cumshot girls gorgeoushorny .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\mssrv.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\security\templates\african beastiality gay [milf] legs sm .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\porn [free] .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\asian handjob girls latex .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\chinese nude hot (!) upskirt (Christine).mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\swedish horse [bangbus] pregnant (Karin).mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\malaysia beastiality fetish big boots .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\russian gay [free] hole traffic .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\cumshot public latex .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\black action [bangbus] 50+ .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\black lesbian cum hidden .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\gang bang full movie .mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\assembly\temp\german sperm trambling hot (!) glans blondie .mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\handjob voyeur femdom .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\italian gang bang sleeping black hairunshaved .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\french lesbian gay big ash sweet .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\indian nude horse [milf] .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\african trambling blowjob girls 40+ .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\horse [free] castration .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\chinese xxx several models .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\malaysia beast hidden blondie .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\japanese cum hidden boots .mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\indian gang bang sperm catfight glans sm .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\american fetish [free] hotel .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\kicking voyeur gorgeoushorny (Ashley,Gina).avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\malaysia animal lesbian catfight ash .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\german horse full movie .zip.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\trambling beastiality big titts shoes .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\asian action blowjob full movie (Melissa).avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\italian xxx catfight vagina .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\chinese blowjob [milf] (Sarah,Tatjana).mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\indian cumshot [bangbus] legs .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\african beast beastiality catfight (Sylvia).rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\swedish lesbian licking hole black hairunshaved .mpeg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\gang bang cumshot masturbation vagina .avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\CbsTemp\chinese cum lesbian sleeping shower .mpg.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\lesbian voyeur legs wifey (Britney).avi.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\sperm licking mistress .rar.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exef4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exef4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exef4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

pid	process
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3540	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
4132	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exef4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

description	pid	process	target process
PID 3536 wrote to memory of 2136	3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
PID 3536 wrote to memory of 2136	3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
PID 3536 wrote to memory of 2136	3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
PID 3536 wrote to memory of 4132	3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
PID 3536 wrote to memory of 4132	3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
PID 3536 wrote to memory of 4132	3536	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
PID 2136 wrote to memory of 3540	2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
PID 2136 wrote to memory of 3540	2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
PID 2136 wrote to memory of 3540	2136	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe	f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe

C:\Users\Admin\AppData\Local\Temp\f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
"C:\Users\Admin\AppData\Local\Temp\f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3536

C:\Users\Admin\AppData\Local\Temp\f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
"C:\Users\Admin\AppData\Local\Temp\f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe"
2⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2136

C:\Users\Admin\AppData\Local\Temp\f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
"C:\Users\Admin\AppData\Local\Temp\f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3540

C:\Users\Admin\AppData\Local\Temp\f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe
"C:\Users\Admin\AppData\Local\Temp\f4f1a458eccd8b5fb6102d7a6b8a0cde767d183842b98d5e31e8217f804164b5.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4132

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian porn licking (Karin).avi.exe
Filesize
694KB

MD5
0c53d42c824bf3fa73a8d34bd04c9afa

SHA1
47513dc3b27b3a836e1172e15e0a3eb647f4e3b1

SHA256
257bef864e3f55579562e26f89ed2e7fff301e90f78c705b37a4600ecba35cde

SHA512
fce3e5c687532509811766a9f250d1e25aefd1c4d450e640977bc76b11b04ef2f71370ebfdd5d294c81233567ee59bd7943ae1413523ec2c1b2ace71679fd1d4

Download Submit