66ef52467495a8042844dccfdaefabb7d3c690c3f29b3ec29a2c292ed766e874

Resubmissions

21/02/2024, 11:43

240221-nvrlysef4x 8

21/02/2024, 11:40

240221-nsy81sfb53 10

Analysis

max time kernel
1795s
max time network
1521s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe
Size

372KB
MD5

9bf351853b70dc260a5baac08d6fbaeb
SHA1

77430875bf961ab9e1f0c81892476b2164df5287
SHA256

66ef52467495a8042844dccfdaefabb7d3c690c3f29b3ec29a2c292ed766e874
SHA512

d56c700b6424a44b49ec7dad44dfef639c89a6ffc828b2cf9e214ea43184997cdd3a826ad4045b0ceae4deacd1cb8180c6b9441a04800b80d090c41a17f0ed52
SSDEEP

3072:CEGh0oVmlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGKl/Oe2MUVg3vTeKcAEciTBqr3

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1071F5D0-36B8-4549-BDBE-6CDC603E827E}	{60B90B0A-D09F-4a53-A3C0-E43464B165A8}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D240771-72CE-40fa-BA1F-238C4C98C30E}\stubpath = "C:\\Windows\\{5D240771-72CE-40fa-BA1F-238C4C98C30E}.exe"	{3C4133BB-AD5F-4072-962A-B9C6C62D46CD}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AD3A5B6D-6D7A-4ee3-980D-4EC82546FBE5}	{6196EABD-E226-4f32-91BE-42FE8AF727E6}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5560D454-8CA9-4044-88DE-B9C478571C17}	{B618FB7A-12CA-4435-ADA2-D5D8A8E6D7D9}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{69FB88E5-686D-496e-8E70-4E655AB52EFA}	{71E38D6F-7593-4c14-9E91-D2E7412BD345}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{75B95ED2-07D4-4d12-BB1D-8FE1457AEB4C}	{192A0F91-C351-46fe-9738-F24E5E96E1D8}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3561D533-7893-4184-ABF9-9F1D139185DD}\stubpath = "C:\\Windows\\{3561D533-7893-4184-ABF9-9F1D139185DD}.exe"	{6C0F95D7-FAC5-46f0-8A43-836C4F52FCEC}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F7588000-BBEB-4d83-B269-B3069FABE8A3}	{5322F418-B608-4f56-94BC-2FC72A4B8351}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9072BC53-25BC-4ef3-874B-431E1C0665CA}\stubpath = "C:\\Windows\\{9072BC53-25BC-4ef3-874B-431E1C0665CA}.exe"	{C4B6282E-C515-4b2c-B327-5CE67B26FCA0}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F55A580E-9DDB-425e-9367-17B31472AD72}\stubpath = "C:\\Windows\\{F55A580E-9DDB-425e-9367-17B31472AD72}.exe"	{08EB6A5D-0F6E-49b3-99E3-106EF192276D}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E8CB97F1-E987-438e-8F59-9E463BF94E7E}\stubpath = "C:\\Windows\\{E8CB97F1-E987-438e-8F59-9E463BF94E7E}.exe"	{15B3CC06-E7A8-45de-8C99-DB550EC6DA1A}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{959DE87C-ADB1-408d-A76A-B94415F96EA3}	{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{737C6727-4962-4007-8143-F970BB4ADCDD}	{DE83BBF7-D6A6-4a85-B378-AC648CD57B0E}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BF97D121-F614-496d-A761-CA1B0BBE858A}\stubpath = "C:\\Windows\\{BF97D121-F614-496d-A761-CA1B0BBE858A}.exe"	{FEBA69D1-D79D-4840-AF03-7422DA19E4AB}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2D42FC6C-1807-48ce-95E6-1169A0A36A8F}\stubpath = "C:\\Windows\\{2D42FC6C-1807-48ce-95E6-1169A0A36A8F}.exe"	{BF97D121-F614-496d-A761-CA1B0BBE858A}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{85100AF0-EFC7-4ad8-98EA-7BCD1C48F957}	{67FA5347-58B9-4d88-8FAD-B37829A629DA}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5322F418-B608-4f56-94BC-2FC72A4B8351}\stubpath = "C:\\Windows\\{5322F418-B608-4f56-94BC-2FC72A4B8351}.exe"	{85100AF0-EFC7-4ad8-98EA-7BCD1C48F957}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A010B4F6-528D-49a5-A0B7-4CFF42FC7CED}\stubpath = "C:\\Windows\\{A010B4F6-528D-49a5-A0B7-4CFF42FC7CED}.exe"	{F7588000-BBEB-4d83-B269-B3069FABE8A3}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6196EABD-E226-4f32-91BE-42FE8AF727E6}\stubpath = "C:\\Windows\\{6196EABD-E226-4f32-91BE-42FE8AF727E6}.exe"	{FE3DFFE4-1E30-488e-8CC1-C28402A6F684}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A83C2E07-4279-447f-ADD4-2DD8CC36D686}\stubpath = "C:\\Windows\\{A83C2E07-4279-447f-ADD4-2DD8CC36D686}.exe"	{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C694EE32-1328-431c-A280-785ACF706FBF}\stubpath = "C:\\Windows\\{C694EE32-1328-431c-A280-785ACF706FBF}.exe"	{9901F4A6-CE03-43b9-B6FC-F1B94B4A150D}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{94CB4ECC-9723-45be-BF96-3EC4B6998D3A}\stubpath = "C:\\Windows\\{94CB4ECC-9723-45be-BF96-3EC4B6998D3A}.exe"	{1D84CCD2-569E-492e-BFE5-854441AE7D55}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D024CBB8-7AEC-45ba-9C76-C62420B0660A}	{98A5A819-CB40-4dee-995A-1FC2F658A54F}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0234127B-A3A3-49bb-A4C6-5BCC85DC5C90}\stubpath = "C:\\Windows\\{0234127B-A3A3-49bb-A4C6-5BCC85DC5C90}.exe"	{67F9BD7B-8666-49c8-A45C-70BEF2503590}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D240771-72CE-40fa-BA1F-238C4C98C30E}	{3C4133BB-AD5F-4072-962A-B9C6C62D46CD}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{048DEFA1-F254-4b62-BC97-1E38D21CAE39}\stubpath = "C:\\Windows\\{048DEFA1-F254-4b62-BC97-1E38D21CAE39}.exe"	{5F05B382-C267-4a62-B166-933E663C1741}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D4C575B8-D9C5-413f-A0D9-A8A58D0CE5C7}	{51044596-100C-4047-A94A-491D1B0EFFF1}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{193CD24C-BE53-4f62-80D6-D01E2A417ACA}	{F2636712-029E-4e2b-986B-1EC9A3C9E860}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5F5B32A3-917C-4f7b-A599-09EB1F21FF40}\stubpath = "C:\\Windows\\{5F5B32A3-917C-4f7b-A599-09EB1F21FF40}.exe"	{FF57100F-EB19-4775-9662-FDDF79F2E8CC}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{70C7EC87-AAA2-41f8-9CB1-3C396F8E0017}\stubpath = "C:\\Windows\\{70C7EC87-AAA2-41f8-9CB1-3C396F8E0017}.exe"	{2F7AC9A9-7AA0-4132-AF87-1401E3D10BBF}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{14C764DF-6268-4c96-A63C-74C5ED126149}\stubpath = "C:\\Windows\\{14C764DF-6268-4c96-A63C-74C5ED126149}.exe"	{5D491113-9898-47e3-AF2B-CEC1E70634A0}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1B9AEBC0-7AE0-4b2f-BF2C-38DDC332D36C}\stubpath = "C:\\Windows\\{1B9AEBC0-7AE0-4b2f-BF2C-38DDC332D36C}.exe"	{1999EBE3-582D-4cd6-AAE9-C66C09D01974}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3561D533-7893-4184-ABF9-9F1D139185DD}	{6C0F95D7-FAC5-46f0-8A43-836C4F52FCEC}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B1B19C61-6747-4702-9CEB-5FBFA63A6D22}	{7FB6B5CC-D7AC-4bc5-879D-B9040509B4B4}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DF6697DB-1980-47c9-B84A-368856B0217F}	{C77AF4B3-D8CD-485e-8850-863221E1AD21}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{048DEFA1-F254-4b62-BC97-1E38D21CAE39}	{5F05B382-C267-4a62-B166-933E663C1741}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FEBA69D1-D79D-4840-AF03-7422DA19E4AB}	{9BE1C449-6544-408f-8B6E-6317388406F2}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1A34657C-F2F2-46cd-B489-96CB5287E927}\stubpath = "C:\\Windows\\{1A34657C-F2F2-46cd-B489-96CB5287E927}.exe"	{B1B19C61-6747-4702-9CEB-5FBFA63A6D22}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DF3916CA-9524-495c-92C0-28EF774EC1CB}	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6F9D0591-73A3-4204-B2C0-8DE474AB40A3}\stubpath = "C:\\Windows\\{6F9D0591-73A3-4204-B2C0-8DE474AB40A3}.exe"	{C694EE32-1328-431c-A280-785ACF706FBF}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{01CBC9BD-64E7-4604-B769-039E278BD93F}	{048DEFA1-F254-4b62-BC97-1E38D21CAE39}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E7B06599-4262-4205-9607-6F8E1CAE72B3}\stubpath = "C:\\Windows\\{E7B06599-4262-4205-9607-6F8E1CAE72B3}.exe"	{02D2C06E-B632-46d9-A40A-15BDAF3C6F62}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D75FF857-D7DC-4106-B547-E4921909B342}	{04177901-5F31-48a9-907E-707A1A94D557}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EAB514E0-5517-437c-8163-B2A09EE7F38D}	{89BDF0F6-22D8-4073-A2ED-348FB142F1AB}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7A9B336D-2183-4406-B391-437BC7E17D67}	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D491113-9898-47e3-AF2B-CEC1E70634A0}\stubpath = "C:\\Windows\\{5D491113-9898-47e3-AF2B-CEC1E70634A0}.exe"	{4264E937-895A-4d8c-B737-883D14044E25}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{193CD24C-BE53-4f62-80D6-D01E2A417ACA}\stubpath = "C:\\Windows\\{193CD24C-BE53-4f62-80D6-D01E2A417ACA}.exe"	{F2636712-029E-4e2b-986B-1EC9A3C9E860}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{15B3CC06-E7A8-45de-8C99-DB550EC6DA1A}\stubpath = "C:\\Windows\\{15B3CC06-E7A8-45de-8C99-DB550EC6DA1A}.exe"	{64F984EB-DFAC-446f-A1E3-6A50846F7826}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1D84CCD2-569E-492e-BFE5-854441AE7D55}	{E349FAB7-CF46-480e-9ADF-84915D72F84B}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{513EEFE1-C9B8-4611-A61C-64A38814348C}	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630143E4-47E8-4d86-9A6A-345982EF544D}	{19B60F16-64BD-41db-8392-2708B94BEE97}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F2BAF08F-F96A-43e4-BD8A-9B15AFF66510}\stubpath = "C:\\Windows\\{F2BAF08F-F96A-43e4-BD8A-9B15AFF66510}.exe"	{15E94F3D-49DC-4aa3-AE56-1B1892ED59A6}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{614AD9CB-5527-4845-83FA-41F6D6CA90B8}	{1B9AEBC0-7AE0-4b2f-BF2C-38DDC332D36C}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EEA91F35-AE46-4580-B820-C5A468872E5E}\stubpath = "C:\\Windows\\{EEA91F35-AE46-4580-B820-C5A468872E5E}.exe"	{476D9A55-CEC1-46fd-86E6-5DEF3A9EB3D0}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B9A5AA6F-84EE-48c6-9BD7-651A4B3AF061}\stubpath = "C:\\Windows\\{B9A5AA6F-84EE-48c6-9BD7-651A4B3AF061}.exe"	{A6722B9C-E39C-44bf-AA20-387ACB17DE2C}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{959DE87C-ADB1-408d-A76A-B94415F96EA3}\stubpath = "C:\\Windows\\{959DE87C-ADB1-408d-A76A-B94415F96EA3}.exe"	{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D82E759D-2CB9-445f-A45A-A43A53728068}\stubpath = "C:\\Windows\\{D82E759D-2CB9-445f-A45A-A43A53728068}.exe"	{A30E4369-FBA5-4329-BDA2-5205DD9A56A0}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3C4133BB-AD5F-4072-962A-B9C6C62D46CD}\stubpath = "C:\\Windows\\{3C4133BB-AD5F-4072-962A-B9C6C62D46CD}.exe"	{CF5C5B94-6290-459d-893E-5143D5718ADA}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5F05B382-C267-4a62-B166-933E663C1741}	{3561D533-7893-4184-ABF9-9F1D139185DD}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9BE1C449-6544-408f-8B6E-6317388406F2}\stubpath = "C:\\Windows\\{9BE1C449-6544-408f-8B6E-6317388406F2}.exe"	{01CBC9BD-64E7-4604-B769-039E278BD93F}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DE83BBF7-D6A6-4a85-B378-AC648CD57B0E}\stubpath = "C:\\Windows\\{DE83BBF7-D6A6-4a85-B378-AC648CD57B0E}.exe"	{D5311A15-3F09-42b0-A014-90CEDF176D8B}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6CA67982-60ED-45ea-B193-B670F42FEC63}	{F55A580E-9DDB-425e-9367-17B31472AD72}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{47F3B051-112E-42e3-B82B-BFCD40631850}	{6CA67982-60ED-45ea-B193-B670F42FEC63}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{737C6727-4962-4007-8143-F970BB4ADCDD}\stubpath = "C:\\Windows\\{737C6727-4962-4007-8143-F970BB4ADCDD}.exe"	{DE83BBF7-D6A6-4a85-B378-AC648CD57B0E}.exe

Executes dropped EXE 64 IoCs

pid	Process
1424	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe
3636	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe
1000	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe
368	{7A9B336D-2183-4406-B391-437BC7E17D67}.exe
4968	{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe
1984	{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe
548	{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe
4600	{5543F531-65C6-4c69-9C10-8A739103E095}.exe
592	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe
688	{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe
3680	{959DE87C-ADB1-408d-A76A-B94415F96EA3}.exe
3632	{0A8B2D1B-E5BD-4f96-929A-6AC01CB2FDF9}.exe
4960	{37805C89-366E-4f86-B630-9FA5D3D5603D}.exe
3404	{69A6DCFA-7E85-4695-994E-6C035CCDA1F6}.exe
4524	{2F7AC9A9-7AA0-4132-AF87-1401E3D10BBF}.exe
3228	{70C7EC87-AAA2-41f8-9CB1-3C396F8E0017}.exe
2504	{94182851-CAD0-4ac7-A23E-F0A5CAFE8A77}.exe
1120	{19B60F16-64BD-41db-8392-2708B94BEE97}.exe
4968	{630143E4-47E8-4d86-9A6A-345982EF544D}.exe
1104	{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe
3604	{A83C2E07-4279-447f-ADD4-2DD8CC36D686}.exe
1584	{4264E937-895A-4d8c-B737-883D14044E25}.exe
2440	{5D491113-9898-47e3-AF2B-CEC1E70634A0}.exe
3596	{14C764DF-6268-4c96-A63C-74C5ED126149}.exe
3812	{09C11BC6-B250-483c-99D1-B2149096182D}.exe
2152	{8D6E1E72-155A-433a-9271-3FC806E134DF}.exe
2132	{15E94F3D-49DC-4aa3-AE56-1B1892ED59A6}.exe
516	{F2BAF08F-F96A-43e4-BD8A-9B15AFF66510}.exe
1808	{67F9BD7B-8666-49c8-A45C-70BEF2503590}.exe
1196	{0234127B-A3A3-49bb-A4C6-5BCC85DC5C90}.exe
1492	{9CF9B743-4A04-47b9-91FB-469C85AFD002}.exe
448	{A30E4369-FBA5-4329-BDA2-5205DD9A56A0}.exe
4468	{D82E759D-2CB9-445f-A45A-A43A53728068}.exe
4800	{1999EBE3-582D-4cd6-AAE9-C66C09D01974}.exe
60	{1B9AEBC0-7AE0-4b2f-BF2C-38DDC332D36C}.exe
3368	{614AD9CB-5527-4845-83FA-41F6D6CA90B8}.exe
4432	{D4B320E7-2DC0-4283-B903-574351E35D56}.exe
2064	{F2D4A0BA-F051-4122-AD91-68D430A5BD72}.exe
4412	{60B90B0A-D09F-4a53-A3C0-E43464B165A8}.exe
1748	{1071F5D0-36B8-4549-BDBE-6CDC603E827E}.exe
1688	{0611703F-E8AB-4e4c-BD68-70DBA26968B5}.exe
1544	{9308047A-BB91-4887-A82B-CFFBC2B1761F}.exe
840	{9BCEB2AB-F117-492b-AF1D-E0C0CC8E9709}.exe
3932	{9901F4A6-CE03-43b9-B6FC-F1B94B4A150D}.exe
3008	{C694EE32-1328-431c-A280-785ACF706FBF}.exe
2352	{6F9D0591-73A3-4204-B2C0-8DE474AB40A3}.exe
3260	{EBE7BB42-3D47-4312-85E5-472F28A4C46B}.exe
3772	{C199007B-0109-42d5-B613-08E603677B84}.exe
4316	{476D9A55-CEC1-46fd-86E6-5DEF3A9EB3D0}.exe
1924	{EEA91F35-AE46-4580-B820-C5A468872E5E}.exe
2132	{28CF50BA-889B-4356-A040-393F8044CDDE}.exe
4220	{AC8EB82B-408A-41b8-A0A5-1E0DE1168771}.exe
4328	{DAA7086D-4ADF-4e18-8768-F60480334A00}.exe
1576	{51044596-100C-4047-A94A-491D1B0EFFF1}.exe
2632	{D4C575B8-D9C5-413f-A0D9-A8A58D0CE5C7}.exe
1920	{1BE5E24C-E129-49bc-8BA6-E970F5FEEB3B}.exe
464	{DC610B8F-8123-49ae-9723-F97BCFF0A093}.exe
5032	{F2636712-029E-4e2b-986B-1EC9A3C9E860}.exe
2708	{193CD24C-BE53-4f62-80D6-D01E2A417ACA}.exe
4372	{CF5C5B94-6290-459d-893E-5143D5718ADA}.exe
392	{3C4133BB-AD5F-4072-962A-B9C6C62D46CD}.exe
920	{5D240771-72CE-40fa-BA1F-238C4C98C30E}.exe
3136	{6C0F95D7-FAC5-46f0-8A43-836C4F52FCEC}.exe
2356	{3561D533-7893-4184-ABF9-9F1D139185DD}.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\{15E94F3D-49DC-4aa3-AE56-1B1892ED59A6}.exe	{8D6E1E72-155A-433a-9271-3FC806E134DF}.exe
File created	C:\Windows\{9901F4A6-CE03-43b9-B6FC-F1B94B4A150D}.exe	{9BCEB2AB-F117-492b-AF1D-E0C0CC8E9709}.exe
File created	C:\Windows\{01CBC9BD-64E7-4604-B769-039E278BD93F}.exe	{048DEFA1-F254-4b62-BC97-1E38D21CAE39}.exe
File created	C:\Windows\{02D2C06E-B632-46d9-A40A-15BDAF3C6F62}.exe	{731E225D-A552-4d5a-9568-B2061013DE65}.exe
File created	C:\Windows\{5A495F7A-4466-4868-8B53-4D54BE7CEAE1}.exe	{1DD9C550-B543-4be1-A4FC-38859B61A32A}.exe
File created	C:\Windows\{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe
File created	C:\Windows\{D4B320E7-2DC0-4283-B903-574351E35D56}.exe	{614AD9CB-5527-4845-83FA-41F6D6CA90B8}.exe
File created	C:\Windows\{9308047A-BB91-4887-A82B-CFFBC2B1761F}.exe	{0611703F-E8AB-4e4c-BD68-70DBA26968B5}.exe
File created	C:\Windows\{AC8EB82B-408A-41b8-A0A5-1E0DE1168771}.exe	{28CF50BA-889B-4356-A040-393F8044CDDE}.exe
File created	C:\Windows\{6BCB9690-BB89-4d77-8763-A3EC7469C0AB}.exe	{2AAB03A4-EB42-453f-AF8E-9D6FEF771205}.exe
File created	C:\Windows\{5D491113-9898-47e3-AF2B-CEC1E70634A0}.exe	{4264E937-895A-4d8c-B737-883D14044E25}.exe
File created	C:\Windows\{B9A5AA6F-84EE-48c6-9BD7-651A4B3AF061}.exe	{A6722B9C-E39C-44bf-AA20-387ACB17DE2C}.exe
File created	C:\Windows\{08EB6A5D-0F6E-49b3-99E3-106EF192276D}.exe	{6BCB9690-BB89-4d77-8763-A3EC7469C0AB}.exe
File created	C:\Windows\{E349FAB7-CF46-480e-9ADF-84915D72F84B}.exe	{737C6727-4962-4007-8143-F970BB4ADCDD}.exe
File created	C:\Windows\{A6722B9C-E39C-44bf-AA20-387ACB17DE2C}.exe	{2EA591CC-1922-44e7-9047-35EF9881449E}.exe
File created	C:\Windows\{94CB4ECC-9723-45be-BF96-3EC4B6998D3A}.exe	{1D84CCD2-569E-492e-BFE5-854441AE7D55}.exe
File created	C:\Windows\{53E3F65C-59AA-4619-AC18-9FEB0089B6E4}.exe	{144EF226-81D8-4cdc-98DC-64F554016DA7}.exe
File created	C:\Windows\{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe
File created	C:\Windows\{A83C2E07-4279-447f-ADD4-2DD8CC36D686}.exe	{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe
File created	C:\Windows\{60B90B0A-D09F-4a53-A3C0-E43464B165A8}.exe	{F2D4A0BA-F051-4122-AD91-68D430A5BD72}.exe
File created	C:\Windows\{28CF50BA-889B-4356-A040-393F8044CDDE}.exe	{EEA91F35-AE46-4580-B820-C5A468872E5E}.exe
File created	C:\Windows\{1BE5E24C-E129-49bc-8BA6-E970F5FEEB3B}.exe	{D4C575B8-D9C5-413f-A0D9-A8A58D0CE5C7}.exe
File created	C:\Windows\{125CA564-FFA1-4524-B7AB-E86BA73A21A1}.exe	{D024CBB8-7AEC-45ba-9C76-C62420B0660A}.exe
File created	C:\Windows\{15B3CC06-E7A8-45de-8C99-DB550EC6DA1A}.exe	{64F984EB-DFAC-446f-A1E3-6A50846F7826}.exe
File created	C:\Windows\{0611703F-E8AB-4e4c-BD68-70DBA26968B5}.exe	{1071F5D0-36B8-4549-BDBE-6CDC603E827E}.exe
File created	C:\Windows\{476D9A55-CEC1-46fd-86E6-5DEF3A9EB3D0}.exe	{C199007B-0109-42d5-B613-08E603677B84}.exe
File created	C:\Windows\{5F05B382-C267-4a62-B166-933E663C1741}.exe	{3561D533-7893-4184-ABF9-9F1D139185DD}.exe
File created	C:\Windows\{048DEFA1-F254-4b62-BC97-1E38D21CAE39}.exe	{5F05B382-C267-4a62-B166-933E663C1741}.exe
File created	C:\Windows\{FEBA69D1-D79D-4840-AF03-7422DA19E4AB}.exe	{9BE1C449-6544-408f-8B6E-6317388406F2}.exe
File created	C:\Windows\{7A9B336D-2183-4406-B391-437BC7E17D67}.exe	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe
File created	C:\Windows\{2F7AC9A9-7AA0-4132-AF87-1401E3D10BBF}.exe	{69A6DCFA-7E85-4695-994E-6C035CCDA1F6}.exe
File created	C:\Windows\{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe
File created	C:\Windows\{69A6DCFA-7E85-4695-994E-6C035CCDA1F6}.exe	{37805C89-366E-4f86-B630-9FA5D3D5603D}.exe
File created	C:\Windows\{1999EBE3-582D-4cd6-AAE9-C66C09D01974}.exe	{D82E759D-2CB9-445f-A45A-A43A53728068}.exe
File created	C:\Windows\{CAD7BFE8-55A3-433b-AFB8-9DD39EF29274}.exe	{C4D9C35D-D2F3-4bcb-9593-13C77923E3F1}.exe
File created	C:\Windows\{89BDF0F6-22D8-4073-A2ED-348FB142F1AB}.exe	{E8CB97F1-E987-438e-8F59-9E463BF94E7E}.exe
File created	C:\Windows\{D75FF857-D7DC-4106-B547-E4921909B342}.exe	{04177901-5F31-48a9-907E-707A1A94D557}.exe
File created	C:\Windows\{EAB514E0-5517-437c-8163-B2A09EE7F38D}.exe	{89BDF0F6-22D8-4073-A2ED-348FB142F1AB}.exe
File created	C:\Windows\{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe	{630143E4-47E8-4d86-9A6A-345982EF544D}.exe
File created	C:\Windows\{C694EE32-1328-431c-A280-785ACF706FBF}.exe	{9901F4A6-CE03-43b9-B6FC-F1B94B4A150D}.exe
File created	C:\Windows\{0A8B2D1B-E5BD-4f96-929A-6AC01CB2FDF9}.exe	{959DE87C-ADB1-408d-A76A-B94415F96EA3}.exe
File created	C:\Windows\{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe
File created	C:\Windows\{2D42FC6C-1807-48ce-95E6-1169A0A36A8F}.exe	{BF97D121-F614-496d-A761-CA1B0BBE858A}.exe
File created	C:\Windows\{B7C1686F-DB7D-443d-8876-7CF2C2AE575B}.exe	{C1F40730-B92A-48c2-8086-378CA4998F94}.exe
File created	C:\Windows\{3561D533-7893-4184-ABF9-9F1D139185DD}.exe	{6C0F95D7-FAC5-46f0-8A43-836C4F52FCEC}.exe
File created	C:\Windows\{6CA67982-60ED-45ea-B193-B670F42FEC63}.exe	{F55A580E-9DDB-425e-9367-17B31472AD72}.exe
File created	C:\Windows\{C4D9C35D-D2F3-4bcb-9593-13C77923E3F1}.exe	{6B773698-C6BA-4d8a-95C6-87D6D4DDD131}.exe
File created	C:\Windows\{9BCEB2AB-F117-492b-AF1D-E0C0CC8E9709}.exe	{9308047A-BB91-4887-A82B-CFFBC2B1761F}.exe
File created	C:\Windows\{7FB6B5CC-D7AC-4bc5-879D-B9040509B4B4}.exe	{8C583FB5-AB2C-483b-899F-4AF133EB2698}.exe
File created	C:\Windows\{47F3B051-112E-42e3-B82B-BFCD40631850}.exe	{6CA67982-60ED-45ea-B193-B670F42FEC63}.exe
File created	C:\Windows\{731E225D-A552-4d5a-9568-B2061013DE65}.exe	{94CB4ECC-9723-45be-BF96-3EC4B6998D3A}.exe
File created	C:\Windows\{FF57100F-EB19-4775-9662-FDDF79F2E8CC}.exe	{2120F130-7ADB-4dfc-A946-DB18F5398894}.exe
File created	C:\Windows\{6F9D0591-73A3-4204-B2C0-8DE474AB40A3}.exe	{C694EE32-1328-431c-A280-785ACF706FBF}.exe
File created	C:\Windows\{2EA591CC-1922-44e7-9047-35EF9881449E}.exe	{A010B4F6-528D-49a5-A0B7-4CFF42FC7CED}.exe
File created	C:\Windows\{EBE7BB42-3D47-4312-85E5-472F28A4C46B}.exe	{6F9D0591-73A3-4204-B2C0-8DE474AB40A3}.exe
File created	C:\Windows\{85100AF0-EFC7-4ad8-98EA-7BCD1C48F957}.exe	{67FA5347-58B9-4d88-8FAD-B37829A629DA}.exe
File created	C:\Windows\{2DE4009E-4390-432f-9F11-55E38CF7ABF9}.exe	{47F3B051-112E-42e3-B82B-BFCD40631850}.exe
File created	C:\Windows\{75FB6AE7-6B3C-4c10-B3FC-BBC0B64ADD3F}.exe	{E7B06599-4262-4205-9607-6F8E1CAE72B3}.exe
File created	C:\Windows\{DE83BBF7-D6A6-4a85-B378-AC648CD57B0E}.exe	{D5311A15-3F09-42b0-A014-90CEDF176D8B}.exe
File created	C:\Windows\{69FB88E5-686D-496e-8E70-4E655AB52EFA}.exe	{71E38D6F-7593-4c14-9E91-D2E7412BD345}.exe
File created	C:\Windows\{1DD9C550-B543-4be1-A4FC-38859B61A32A}.exe	{F1121953-E275-4a42-A03B-5553BEDD1DB1}.exe
File created	C:\Windows\{D4C575B8-D9C5-413f-A0D9-A8A58D0CE5C7}.exe	{51044596-100C-4047-A94A-491D1B0EFFF1}.exe
File created	C:\Windows\{6C0F95D7-FAC5-46f0-8A43-836C4F52FCEC}.exe	{5D240771-72CE-40fa-BA1F-238C4C98C30E}.exe
File created	C:\Windows\{B1B19C61-6747-4702-9CEB-5FBFA63A6D22}.exe	{7FB6B5CC-D7AC-4bc5-879D-B9040509B4B4}.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	4220	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe
Token: SeIncBasePriorityPrivilege	1424	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe
Token: SeIncBasePriorityPrivilege	3636	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe
Token: SeIncBasePriorityPrivilege	1000	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe
Token: SeIncBasePriorityPrivilege	368	{7A9B336D-2183-4406-B391-437BC7E17D67}.exe
Token: SeIncBasePriorityPrivilege	4968	{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe
Token: SeIncBasePriorityPrivilege	1984	{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe
Token: SeIncBasePriorityPrivilege	548	{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe
Token: SeIncBasePriorityPrivilege	4600	{5543F531-65C6-4c69-9C10-8A739103E095}.exe
Token: SeIncBasePriorityPrivilege	592	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe
Token: SeIncBasePriorityPrivilege	688	{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe
Token: SeIncBasePriorityPrivilege	3680	{959DE87C-ADB1-408d-A76A-B94415F96EA3}.exe
Token: SeIncBasePriorityPrivilege	3632	{0A8B2D1B-E5BD-4f96-929A-6AC01CB2FDF9}.exe
Token: SeIncBasePriorityPrivilege	4960	{37805C89-366E-4f86-B630-9FA5D3D5603D}.exe
Token: SeIncBasePriorityPrivilege	3404	{69A6DCFA-7E85-4695-994E-6C035CCDA1F6}.exe
Token: SeIncBasePriorityPrivilege	4524	{2F7AC9A9-7AA0-4132-AF87-1401E3D10BBF}.exe
Token: SeIncBasePriorityPrivilege	3228	{70C7EC87-AAA2-41f8-9CB1-3C396F8E0017}.exe
Token: SeIncBasePriorityPrivilege	2504	{94182851-CAD0-4ac7-A23E-F0A5CAFE8A77}.exe
Token: SeIncBasePriorityPrivilege	1120	{19B60F16-64BD-41db-8392-2708B94BEE97}.exe
Token: SeIncBasePriorityPrivilege	4968	{630143E4-47E8-4d86-9A6A-345982EF544D}.exe
Token: SeIncBasePriorityPrivilege	1104	{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe
Token: SeIncBasePriorityPrivilege	3604	{A83C2E07-4279-447f-ADD4-2DD8CC36D686}.exe
Token: SeIncBasePriorityPrivilege	1584	{4264E937-895A-4d8c-B737-883D14044E25}.exe
Token: SeIncBasePriorityPrivilege	2440	{5D491113-9898-47e3-AF2B-CEC1E70634A0}.exe
Token: SeIncBasePriorityPrivilege	3596	{14C764DF-6268-4c96-A63C-74C5ED126149}.exe
Token: SeIncBasePriorityPrivilege	3812	{09C11BC6-B250-483c-99D1-B2149096182D}.exe
Token: SeIncBasePriorityPrivilege	2152	{8D6E1E72-155A-433a-9271-3FC806E134DF}.exe
Token: SeIncBasePriorityPrivilege	2132	{15E94F3D-49DC-4aa3-AE56-1B1892ED59A6}.exe
Token: SeIncBasePriorityPrivilege	516	{F2BAF08F-F96A-43e4-BD8A-9B15AFF66510}.exe
Token: SeIncBasePriorityPrivilege	1808	{67F9BD7B-8666-49c8-A45C-70BEF2503590}.exe
Token: SeIncBasePriorityPrivilege	1196	{0234127B-A3A3-49bb-A4C6-5BCC85DC5C90}.exe
Token: SeIncBasePriorityPrivilege	1492	{9CF9B743-4A04-47b9-91FB-469C85AFD002}.exe
Token: SeIncBasePriorityPrivilege	448	{A30E4369-FBA5-4329-BDA2-5205DD9A56A0}.exe
Token: SeIncBasePriorityPrivilege	4468	{D82E759D-2CB9-445f-A45A-A43A53728068}.exe
Token: SeIncBasePriorityPrivilege	4800	{1999EBE3-582D-4cd6-AAE9-C66C09D01974}.exe
Token: SeIncBasePriorityPrivilege	60	{1B9AEBC0-7AE0-4b2f-BF2C-38DDC332D36C}.exe
Token: SeIncBasePriorityPrivilege	3368	{614AD9CB-5527-4845-83FA-41F6D6CA90B8}.exe
Token: SeIncBasePriorityPrivilege	4432	{D4B320E7-2DC0-4283-B903-574351E35D56}.exe
Token: SeIncBasePriorityPrivilege	2064	{F2D4A0BA-F051-4122-AD91-68D430A5BD72}.exe
Token: SeIncBasePriorityPrivilege	4412	{60B90B0A-D09F-4a53-A3C0-E43464B165A8}.exe
Token: SeIncBasePriorityPrivilege	1748	{1071F5D0-36B8-4549-BDBE-6CDC603E827E}.exe
Token: SeIncBasePriorityPrivilege	1688	{0611703F-E8AB-4e4c-BD68-70DBA26968B5}.exe
Token: SeIncBasePriorityPrivilege	1544	{9308047A-BB91-4887-A82B-CFFBC2B1761F}.exe
Token: SeIncBasePriorityPrivilege	840	{9BCEB2AB-F117-492b-AF1D-E0C0CC8E9709}.exe
Token: SeIncBasePriorityPrivilege	3932	{9901F4A6-CE03-43b9-B6FC-F1B94B4A150D}.exe
Token: SeIncBasePriorityPrivilege	3008	{C694EE32-1328-431c-A280-785ACF706FBF}.exe
Token: SeIncBasePriorityPrivilege	2352	{6F9D0591-73A3-4204-B2C0-8DE474AB40A3}.exe
Token: SeIncBasePriorityPrivilege	3260	{EBE7BB42-3D47-4312-85E5-472F28A4C46B}.exe
Token: SeIncBasePriorityPrivilege	3772	{C199007B-0109-42d5-B613-08E603677B84}.exe
Token: SeIncBasePriorityPrivilege	4316	{476D9A55-CEC1-46fd-86E6-5DEF3A9EB3D0}.exe
Token: SeIncBasePriorityPrivilege	1924	{EEA91F35-AE46-4580-B820-C5A468872E5E}.exe
Token: SeIncBasePriorityPrivilege	2132	{28CF50BA-889B-4356-A040-393F8044CDDE}.exe
Token: SeIncBasePriorityPrivilege	4220	{AC8EB82B-408A-41b8-A0A5-1E0DE1168771}.exe
Token: SeIncBasePriorityPrivilege	4328	{DAA7086D-4ADF-4e18-8768-F60480334A00}.exe
Token: SeIncBasePriorityPrivilege	1576	{51044596-100C-4047-A94A-491D1B0EFFF1}.exe
Token: SeIncBasePriorityPrivilege	2632	{D4C575B8-D9C5-413f-A0D9-A8A58D0CE5C7}.exe
Token: SeIncBasePriorityPrivilege	1920	{1BE5E24C-E129-49bc-8BA6-E970F5FEEB3B}.exe
Token: SeIncBasePriorityPrivilege	464	{DC610B8F-8123-49ae-9723-F97BCFF0A093}.exe
Token: SeIncBasePriorityPrivilege	5032	{F2636712-029E-4e2b-986B-1EC9A3C9E860}.exe
Token: SeIncBasePriorityPrivilege	2708	{193CD24C-BE53-4f62-80D6-D01E2A417ACA}.exe
Token: SeIncBasePriorityPrivilege	4372	{CF5C5B94-6290-459d-893E-5143D5718ADA}.exe
Token: SeIncBasePriorityPrivilege	392	{3C4133BB-AD5F-4072-962A-B9C6C62D46CD}.exe
Token: SeIncBasePriorityPrivilege	920	{5D240771-72CE-40fa-BA1F-238C4C98C30E}.exe
Token: SeIncBasePriorityPrivilege	3136	{6C0F95D7-FAC5-46f0-8A43-836C4F52FCEC}.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 1424	4220	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe	92
PID 4220 wrote to memory of 1424	4220	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe	92
PID 4220 wrote to memory of 1424	4220	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe	92
PID 4220 wrote to memory of 808	4220	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe	93
PID 4220 wrote to memory of 808	4220	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe	93
PID 4220 wrote to memory of 808	4220	2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe	93
PID 1424 wrote to memory of 3636	1424	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe	94
PID 1424 wrote to memory of 3636	1424	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe	94
PID 1424 wrote to memory of 3636	1424	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe	94
PID 1424 wrote to memory of 5000	1424	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe	95
PID 1424 wrote to memory of 5000	1424	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe	95
PID 1424 wrote to memory of 5000	1424	{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe	95
PID 3636 wrote to memory of 1000	3636	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe	97
PID 3636 wrote to memory of 1000	3636	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe	97
PID 3636 wrote to memory of 1000	3636	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe	97
PID 3636 wrote to memory of 4252	3636	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe	98
PID 3636 wrote to memory of 4252	3636	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe	98
PID 3636 wrote to memory of 4252	3636	{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe	98
PID 1000 wrote to memory of 368	1000	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe	99
PID 1000 wrote to memory of 368	1000	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe	99
PID 1000 wrote to memory of 368	1000	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe	99
PID 1000 wrote to memory of 904	1000	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe	100
PID 1000 wrote to memory of 904	1000	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe	100
PID 1000 wrote to memory of 904	1000	{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe	100
PID 368 wrote to memory of 4968	368	{7A9B336D-2183-4406-B391-437BC7E17D67}.exe	101
PID 368 wrote to memory of 4968	368	{7A9B336D-2183-4406-B391-437BC7E17D67}.exe	101
PID 368 wrote to memory of 4968	368	{7A9B336D-2183-4406-B391-437BC7E17D67}.exe	101
PID 368 wrote to memory of 4972	368	{7A9B336D-2183-4406-B391-437BC7E17D67}.exe	102
PID 368 wrote to memory of 4972	368	{7A9B336D-2183-4406-B391-437BC7E17D67}.exe	102
PID 368 wrote to memory of 4972	368	{7A9B336D-2183-4406-B391-437BC7E17D67}.exe	102
PID 4968 wrote to memory of 1984	4968	{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe	103
PID 4968 wrote to memory of 1984	4968	{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe	103
PID 4968 wrote to memory of 1984	4968	{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe	103
PID 4968 wrote to memory of 624	4968	{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe	104
PID 4968 wrote to memory of 624	4968	{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe	104
PID 4968 wrote to memory of 624	4968	{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe	104
PID 1984 wrote to memory of 548	1984	{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe	105
PID 1984 wrote to memory of 548	1984	{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe	105
PID 1984 wrote to memory of 548	1984	{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe	105
PID 1984 wrote to memory of 1204	1984	{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe	106
PID 1984 wrote to memory of 1204	1984	{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe	106
PID 1984 wrote to memory of 1204	1984	{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe	106
PID 548 wrote to memory of 4600	548	{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe	107
PID 548 wrote to memory of 4600	548	{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe	107
PID 548 wrote to memory of 4600	548	{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe	107
PID 548 wrote to memory of 728	548	{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe	108
PID 548 wrote to memory of 728	548	{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe	108
PID 548 wrote to memory of 728	548	{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe	108
PID 4600 wrote to memory of 592	4600	{5543F531-65C6-4c69-9C10-8A739103E095}.exe	109
PID 4600 wrote to memory of 592	4600	{5543F531-65C6-4c69-9C10-8A739103E095}.exe	109
PID 4600 wrote to memory of 592	4600	{5543F531-65C6-4c69-9C10-8A739103E095}.exe	109
PID 4600 wrote to memory of 2772	4600	{5543F531-65C6-4c69-9C10-8A739103E095}.exe	110
PID 4600 wrote to memory of 2772	4600	{5543F531-65C6-4c69-9C10-8A739103E095}.exe	110
PID 4600 wrote to memory of 2772	4600	{5543F531-65C6-4c69-9C10-8A739103E095}.exe	110
PID 592 wrote to memory of 688	592	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe	111
PID 592 wrote to memory of 688	592	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe	111
PID 592 wrote to memory of 688	592	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe	111
PID 592 wrote to memory of 3768	592	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe	112
PID 592 wrote to memory of 3768	592	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe	112
PID 592 wrote to memory of 3768	592	{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe	112
PID 688 wrote to memory of 3680	688	{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe	113
PID 688 wrote to memory of 3680	688	{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe	113
PID 688 wrote to memory of 3680	688	{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe	113
PID 688 wrote to memory of 516	688	{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Windows\{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe
  C:\Windows\{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1424
- - C:\Windows\{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe
    C:\Windows\{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3636
  - - C:\Windows\{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe
      C:\Windows\{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe
      4⤵
      Modifies Installed Components in the registry
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1000
    - - C:\Windows\{7A9B336D-2183-4406-B391-437BC7E17D67}.exe
        
        C:\Windows\{7A9B336D-2183-4406-B391-437BC7E17D67}.exe
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:368
      - C:\Windows\{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe
        
        C:\Windows\{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        C:\Windows\{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe
        
        C:\Windows\{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1984
        
        C:\Windows\{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe
        
        C:\Windows\{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:548
        
        C:\Windows\{5543F531-65C6-4c69-9C10-8A739103E095}.exe
        
        C:\Windows\{5543F531-65C6-4c69-9C10-8A739103E095}.exe
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4600
        
        C:\Windows\{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe
        
        C:\Windows\{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe
        10⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:592
        
        C:\Windows\{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe
        
        C:\Windows\{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe
        11⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:688
        
        C:\Windows\{959DE87C-ADB1-408d-A76A-B94415F96EA3}.exe
        
        C:\Windows\{959DE87C-ADB1-408d-A76A-B94415F96EA3}.exe
        12⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3680
        
        C:\Windows\{0A8B2D1B-E5BD-4f96-929A-6AC01CB2FDF9}.exe
        
        C:\Windows\{0A8B2D1B-E5BD-4f96-929A-6AC01CB2FDF9}.exe
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3632
        
        C:\Windows\{37805C89-366E-4f86-B630-9FA5D3D5603D}.exe
        
        C:\Windows\{37805C89-366E-4f86-B630-9FA5D3D5603D}.exe
        14⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4960
        
        C:\Windows\{69A6DCFA-7E85-4695-994E-6C035CCDA1F6}.exe
        
        C:\Windows\{69A6DCFA-7E85-4695-994E-6C035CCDA1F6}.exe
        15⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3404
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{69A6D~1.EXE > nul
        16⤵
        
        PID:5116
        
        C:\Windows\{2F7AC9A9-7AA0-4132-AF87-1401E3D10BBF}.exe
        
        C:\Windows\{2F7AC9A9-7AA0-4132-AF87-1401E3D10BBF}.exe
        16⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4524
        
        C:\Windows\{70C7EC87-AAA2-41f8-9CB1-3C396F8E0017}.exe
        
        C:\Windows\{70C7EC87-AAA2-41f8-9CB1-3C396F8E0017}.exe
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3228
        
        C:\Windows\{94182851-CAD0-4ac7-A23E-F0A5CAFE8A77}.exe
        
        C:\Windows\{94182851-CAD0-4ac7-A23E-F0A5CAFE8A77}.exe
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2504
        
        C:\Windows\{19B60F16-64BD-41db-8392-2708B94BEE97}.exe
        
        C:\Windows\{19B60F16-64BD-41db-8392-2708B94BEE97}.exe
        19⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1120
        
        C:\Windows\{630143E4-47E8-4d86-9A6A-345982EF544D}.exe
        
        C:\Windows\{630143E4-47E8-4d86-9A6A-345982EF544D}.exe
        20⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4968
        
        C:\Windows\{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe
        
        C:\Windows\{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe
        21⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1104
        
        C:\Windows\{A83C2E07-4279-447f-ADD4-2DD8CC36D686}.exe
        
        C:\Windows\{A83C2E07-4279-447f-ADD4-2DD8CC36D686}.exe
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3604
        
        C:\Windows\{4264E937-895A-4d8c-B737-883D14044E25}.exe
        
        C:\Windows\{4264E937-895A-4d8c-B737-883D14044E25}.exe
        23⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1584
        
        C:\Windows\{5D491113-9898-47e3-AF2B-CEC1E70634A0}.exe
        
        C:\Windows\{5D491113-9898-47e3-AF2B-CEC1E70634A0}.exe
        24⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2440
        
        C:\Windows\{14C764DF-6268-4c96-A63C-74C5ED126149}.exe
        
        C:\Windows\{14C764DF-6268-4c96-A63C-74C5ED126149}.exe
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3596
        
        C:\Windows\{09C11BC6-B250-483c-99D1-B2149096182D}.exe
        
        C:\Windows\{09C11BC6-B250-483c-99D1-B2149096182D}.exe
        26⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3812
        
        C:\Windows\{8D6E1E72-155A-433a-9271-3FC806E134DF}.exe
        
        C:\Windows\{8D6E1E72-155A-433a-9271-3FC806E134DF}.exe
        27⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2152
        
        C:\Windows\{15E94F3D-49DC-4aa3-AE56-1B1892ED59A6}.exe
        
        C:\Windows\{15E94F3D-49DC-4aa3-AE56-1B1892ED59A6}.exe
        28⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2132
        
        C:\Windows\{F2BAF08F-F96A-43e4-BD8A-9B15AFF66510}.exe
        
        C:\Windows\{F2BAF08F-F96A-43e4-BD8A-9B15AFF66510}.exe
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:516
        
        C:\Windows\{67F9BD7B-8666-49c8-A45C-70BEF2503590}.exe
        
        C:\Windows\{67F9BD7B-8666-49c8-A45C-70BEF2503590}.exe
        30⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1808
        
        C:\Windows\{0234127B-A3A3-49bb-A4C6-5BCC85DC5C90}.exe
        
        C:\Windows\{0234127B-A3A3-49bb-A4C6-5BCC85DC5C90}.exe
        31⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1196
        
        C:\Windows\{9CF9B743-4A04-47b9-91FB-469C85AFD002}.exe
        
        C:\Windows\{9CF9B743-4A04-47b9-91FB-469C85AFD002}.exe
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1492
        
        C:\Windows\{A30E4369-FBA5-4329-BDA2-5205DD9A56A0}.exe
        
        C:\Windows\{A30E4369-FBA5-4329-BDA2-5205DD9A56A0}.exe
        33⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:448
        
        C:\Windows\{D82E759D-2CB9-445f-A45A-A43A53728068}.exe
        
        C:\Windows\{D82E759D-2CB9-445f-A45A-A43A53728068}.exe
        34⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4468
        
        C:\Windows\{1999EBE3-582D-4cd6-AAE9-C66C09D01974}.exe
        
        C:\Windows\{1999EBE3-582D-4cd6-AAE9-C66C09D01974}.exe
        35⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4800
        
        C:\Windows\{1B9AEBC0-7AE0-4b2f-BF2C-38DDC332D36C}.exe
        
        C:\Windows\{1B9AEBC0-7AE0-4b2f-BF2C-38DDC332D36C}.exe
        36⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:60
        
        C:\Windows\{614AD9CB-5527-4845-83FA-41F6D6CA90B8}.exe
        
        C:\Windows\{614AD9CB-5527-4845-83FA-41F6D6CA90B8}.exe
        37⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3368
        
        C:\Windows\{D4B320E7-2DC0-4283-B903-574351E35D56}.exe
        
        C:\Windows\{D4B320E7-2DC0-4283-B903-574351E35D56}.exe
        38⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4432
        
        C:\Windows\{F2D4A0BA-F051-4122-AD91-68D430A5BD72}.exe
        
        C:\Windows\{F2D4A0BA-F051-4122-AD91-68D430A5BD72}.exe
        39⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2064
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{F2D4A~1.EXE > nul
        40⤵
        
        PID:4064
        
        C:\Windows\{60B90B0A-D09F-4a53-A3C0-E43464B165A8}.exe
        
        C:\Windows\{60B90B0A-D09F-4a53-A3C0-E43464B165A8}.exe
        40⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4412
        
        C:\Windows\{1071F5D0-36B8-4549-BDBE-6CDC603E827E}.exe
        
        C:\Windows\{1071F5D0-36B8-4549-BDBE-6CDC603E827E}.exe
        41⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1748
        
        C:\Windows\{0611703F-E8AB-4e4c-BD68-70DBA26968B5}.exe
        
        C:\Windows\{0611703F-E8AB-4e4c-BD68-70DBA26968B5}.exe
        42⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1688
        
        C:\Windows\{9308047A-BB91-4887-A82B-CFFBC2B1761F}.exe
        
        C:\Windows\{9308047A-BB91-4887-A82B-CFFBC2B1761F}.exe
        43⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1544
        
        C:\Windows\{9BCEB2AB-F117-492b-AF1D-E0C0CC8E9709}.exe
        
        C:\Windows\{9BCEB2AB-F117-492b-AF1D-E0C0CC8E9709}.exe
        44⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:840
        
        C:\Windows\{9901F4A6-CE03-43b9-B6FC-F1B94B4A150D}.exe
        
        C:\Windows\{9901F4A6-CE03-43b9-B6FC-F1B94B4A150D}.exe
        45⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3932
        
        C:\Windows\{C694EE32-1328-431c-A280-785ACF706FBF}.exe
        
        C:\Windows\{C694EE32-1328-431c-A280-785ACF706FBF}.exe
        46⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3008
        
        C:\Windows\{6F9D0591-73A3-4204-B2C0-8DE474AB40A3}.exe
        
        C:\Windows\{6F9D0591-73A3-4204-B2C0-8DE474AB40A3}.exe
        47⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2352
        
        C:\Windows\{EBE7BB42-3D47-4312-85E5-472F28A4C46B}.exe
        
        C:\Windows\{EBE7BB42-3D47-4312-85E5-472F28A4C46B}.exe
        48⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3260
        
        C:\Windows\{C199007B-0109-42d5-B613-08E603677B84}.exe
        
        C:\Windows\{C199007B-0109-42d5-B613-08E603677B84}.exe
        49⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3772
        
        C:\Windows\{476D9A55-CEC1-46fd-86E6-5DEF3A9EB3D0}.exe
        
        C:\Windows\{476D9A55-CEC1-46fd-86E6-5DEF3A9EB3D0}.exe
        50⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4316
        
        C:\Windows\{EEA91F35-AE46-4580-B820-C5A468872E5E}.exe
        
        C:\Windows\{EEA91F35-AE46-4580-B820-C5A468872E5E}.exe
        51⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1924
        
        C:\Windows\{28CF50BA-889B-4356-A040-393F8044CDDE}.exe
        
        C:\Windows\{28CF50BA-889B-4356-A040-393F8044CDDE}.exe
        52⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2132
        
        C:\Windows\{AC8EB82B-408A-41b8-A0A5-1E0DE1168771}.exe
        
        C:\Windows\{AC8EB82B-408A-41b8-A0A5-1E0DE1168771}.exe
        53⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{AC8EB~1.EXE > nul
        54⤵
        
        PID:2036
        
        C:\Windows\{DAA7086D-4ADF-4e18-8768-F60480334A00}.exe
        
        C:\Windows\{DAA7086D-4ADF-4e18-8768-F60480334A00}.exe
        54⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4328
        
        C:\Windows\{51044596-100C-4047-A94A-491D1B0EFFF1}.exe
        
        C:\Windows\{51044596-100C-4047-A94A-491D1B0EFFF1}.exe
        55⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:1576
        
        C:\Windows\{D4C575B8-D9C5-413f-A0D9-A8A58D0CE5C7}.exe
        
        C:\Windows\{D4C575B8-D9C5-413f-A0D9-A8A58D0CE5C7}.exe
        56⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2632
        
        C:\Windows\{1BE5E24C-E129-49bc-8BA6-E970F5FEEB3B}.exe
        
        C:\Windows\{1BE5E24C-E129-49bc-8BA6-E970F5FEEB3B}.exe
        57⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1920
        
        C:\Windows\{DC610B8F-8123-49ae-9723-F97BCFF0A093}.exe
        
        C:\Windows\{DC610B8F-8123-49ae-9723-F97BCFF0A093}.exe
        58⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:464
        
        C:\Windows\{F2636712-029E-4e2b-986B-1EC9A3C9E860}.exe
        
        C:\Windows\{F2636712-029E-4e2b-986B-1EC9A3C9E860}.exe
        59⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5032
        
        C:\Windows\{193CD24C-BE53-4f62-80D6-D01E2A417ACA}.exe
        
        C:\Windows\{193CD24C-BE53-4f62-80D6-D01E2A417ACA}.exe
        60⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2708
        
        C:\Windows\{CF5C5B94-6290-459d-893E-5143D5718ADA}.exe
        
        C:\Windows\{CF5C5B94-6290-459d-893E-5143D5718ADA}.exe
        61⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4372
        
        C:\Windows\{3C4133BB-AD5F-4072-962A-B9C6C62D46CD}.exe
        
        C:\Windows\{3C4133BB-AD5F-4072-962A-B9C6C62D46CD}.exe
        62⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:392
        
        C:\Windows\{5D240771-72CE-40fa-BA1F-238C4C98C30E}.exe
        
        C:\Windows\{5D240771-72CE-40fa-BA1F-238C4C98C30E}.exe
        63⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:920
        
        C:\Windows\{6C0F95D7-FAC5-46f0-8A43-836C4F52FCEC}.exe
        
        C:\Windows\{6C0F95D7-FAC5-46f0-8A43-836C4F52FCEC}.exe
        64⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:3136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{6C0F9~1.EXE > nul
        65⤵
        
        PID:5064
        
        C:\Windows\{3561D533-7893-4184-ABF9-9F1D139185DD}.exe
        
        C:\Windows\{3561D533-7893-4184-ABF9-9F1D139185DD}.exe
        65⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2356
        
        C:\Windows\{5F05B382-C267-4a62-B166-933E663C1741}.exe
        
        C:\Windows\{5F05B382-C267-4a62-B166-933E663C1741}.exe
        66⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3964
        
        C:\Windows\{048DEFA1-F254-4b62-BC97-1E38D21CAE39}.exe
        
        C:\Windows\{048DEFA1-F254-4b62-BC97-1E38D21CAE39}.exe
        67⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:1048
        
        C:\Windows\{01CBC9BD-64E7-4604-B769-039E278BD93F}.exe
        
        C:\Windows\{01CBC9BD-64E7-4604-B769-039E278BD93F}.exe
        68⤵
        Modifies Installed Components in the registry
        
        PID:3228
        
        C:\Windows\{9BE1C449-6544-408f-8B6E-6317388406F2}.exe
        
        C:\Windows\{9BE1C449-6544-408f-8B6E-6317388406F2}.exe
        69⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:4224
        
        C:\Windows\{FEBA69D1-D79D-4840-AF03-7422DA19E4AB}.exe
        
        C:\Windows\{FEBA69D1-D79D-4840-AF03-7422DA19E4AB}.exe
        70⤵
        Modifies Installed Components in the registry
        
        PID:1548
        
        C:\Windows\{BF97D121-F614-496d-A761-CA1B0BBE858A}.exe
        
        C:\Windows\{BF97D121-F614-496d-A761-CA1B0BBE858A}.exe
        71⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2772
        
        C:\Windows\{2D42FC6C-1807-48ce-95E6-1169A0A36A8F}.exe
        
        C:\Windows\{2D42FC6C-1807-48ce-95E6-1169A0A36A8F}.exe
        72⤵
        
        PID:5112
        
        C:\Windows\{67FA5347-58B9-4d88-8FAD-B37829A629DA}.exe
        
        C:\Windows\{67FA5347-58B9-4d88-8FAD-B37829A629DA}.exe
        73⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:4516
        
        C:\Windows\{85100AF0-EFC7-4ad8-98EA-7BCD1C48F957}.exe
        
        C:\Windows\{85100AF0-EFC7-4ad8-98EA-7BCD1C48F957}.exe
        74⤵
        Modifies Installed Components in the registry
        
        PID:3640
        
        C:\Windows\{5322F418-B608-4f56-94BC-2FC72A4B8351}.exe
        
        C:\Windows\{5322F418-B608-4f56-94BC-2FC72A4B8351}.exe
        75⤵
        Modifies Installed Components in the registry
        
        PID:864
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5322F~1.EXE > nul
        76⤵
        
        PID:4232
        
        C:\Windows\{F7588000-BBEB-4d83-B269-B3069FABE8A3}.exe
        
        C:\Windows\{F7588000-BBEB-4d83-B269-B3069FABE8A3}.exe
        76⤵
        Modifies Installed Components in the registry
        
        PID:2284
        
        C:\Windows\{A010B4F6-528D-49a5-A0B7-4CFF42FC7CED}.exe
        
        C:\Windows\{A010B4F6-528D-49a5-A0B7-4CFF42FC7CED}.exe
        77⤵
        Drops file in Windows directory
        
        PID:4864
        
        C:\Windows\{2EA591CC-1922-44e7-9047-35EF9881449E}.exe
        
        C:\Windows\{2EA591CC-1922-44e7-9047-35EF9881449E}.exe
        78⤵
        Drops file in Windows directory
        
        PID:536
        
        C:\Windows\{A6722B9C-E39C-44bf-AA20-387ACB17DE2C}.exe
        
        C:\Windows\{A6722B9C-E39C-44bf-AA20-387ACB17DE2C}.exe
        79⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3224
        
        C:\Windows\{B9A5AA6F-84EE-48c6-9BD7-651A4B3AF061}.exe
        
        C:\Windows\{B9A5AA6F-84EE-48c6-9BD7-651A4B3AF061}.exe
        80⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{B9A5A~1.EXE > nul
        81⤵
        
        PID:3836
        
        C:\Windows\{FE3DFFE4-1E30-488e-8CC1-C28402A6F684}.exe
        
        C:\Windows\{FE3DFFE4-1E30-488e-8CC1-C28402A6F684}.exe
        81⤵
        Modifies Installed Components in the registry
        
        PID:3452
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{FE3DF~1.EXE > nul
        82⤵
        
        PID:1560
        
        C:\Windows\{6196EABD-E226-4f32-91BE-42FE8AF727E6}.exe
        
        C:\Windows\{6196EABD-E226-4f32-91BE-42FE8AF727E6}.exe
        82⤵
        Modifies Installed Components in the registry
        
        PID:3652
        
        C:\Windows\{AD3A5B6D-6D7A-4ee3-980D-4EC82546FBE5}.exe
        
        C:\Windows\{AD3A5B6D-6D7A-4ee3-980D-4EC82546FBE5}.exe
        83⤵
        
        PID:4564
        
        C:\Windows\{F80D0298-35EF-4f07-A119-E86ECAC19E2D}.exe
        
        C:\Windows\{F80D0298-35EF-4f07-A119-E86ECAC19E2D}.exe
        84⤵
        
        PID:1000
        
        C:\Windows\{8C583FB5-AB2C-483b-899F-4AF133EB2698}.exe
        
        C:\Windows\{8C583FB5-AB2C-483b-899F-4AF133EB2698}.exe
        85⤵
        Drops file in Windows directory
        
        PID:2408
        
        C:\Windows\{7FB6B5CC-D7AC-4bc5-879D-B9040509B4B4}.exe
        
        C:\Windows\{7FB6B5CC-D7AC-4bc5-879D-B9040509B4B4}.exe
        86⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2536
        
        C:\Windows\{B1B19C61-6747-4702-9CEB-5FBFA63A6D22}.exe
        
        C:\Windows\{B1B19C61-6747-4702-9CEB-5FBFA63A6D22}.exe
        87⤵
        Modifies Installed Components in the registry
        
        PID:3516
        
        C:\Windows\{1A34657C-F2F2-46cd-B489-96CB5287E927}.exe
        
        C:\Windows\{1A34657C-F2F2-46cd-B489-96CB5287E927}.exe
        88⤵
        
        PID:456
        
        C:\Windows\{C4B6282E-C515-4b2c-B327-5CE67B26FCA0}.exe
        
        C:\Windows\{C4B6282E-C515-4b2c-B327-5CE67B26FCA0}.exe
        89⤵
        Modifies Installed Components in the registry
        
        PID:3332
        
        C:\Windows\{9072BC53-25BC-4ef3-874B-431E1C0665CA}.exe
        
        C:\Windows\{9072BC53-25BC-4ef3-874B-431E1C0665CA}.exe
        90⤵
        
        PID:1832
        
        C:\Windows\{419DD0D3-0589-4868-AA41-22464314BAF4}.exe
        
        C:\Windows\{419DD0D3-0589-4868-AA41-22464314BAF4}.exe
        91⤵
        
        PID:1532
        
        C:\Windows\{2AAB03A4-EB42-453f-AF8E-9D6FEF771205}.exe
        
        C:\Windows\{2AAB03A4-EB42-453f-AF8E-9D6FEF771205}.exe
        92⤵
        Drops file in Windows directory
        
        PID:4840
        
        C:\Windows\{6BCB9690-BB89-4d77-8763-A3EC7469C0AB}.exe
        
        C:\Windows\{6BCB9690-BB89-4d77-8763-A3EC7469C0AB}.exe
        93⤵
        Drops file in Windows directory
        
        PID:1160
        
        C:\Windows\{08EB6A5D-0F6E-49b3-99E3-106EF192276D}.exe
        
        C:\Windows\{08EB6A5D-0F6E-49b3-99E3-106EF192276D}.exe
        94⤵
        Modifies Installed Components in the registry
        
        PID:1280
        
        C:\Windows\{F55A580E-9DDB-425e-9367-17B31472AD72}.exe
        
        C:\Windows\{F55A580E-9DDB-425e-9367-17B31472AD72}.exe
        95⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{F55A5~1.EXE > nul
        96⤵
        
        PID:320
        
        C:\Windows\{6CA67982-60ED-45ea-B193-B670F42FEC63}.exe
        
        C:\Windows\{6CA67982-60ED-45ea-B193-B670F42FEC63}.exe
        96⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3148
        
        C:\Windows\{47F3B051-112E-42e3-B82B-BFCD40631850}.exe
        
        C:\Windows\{47F3B051-112E-42e3-B82B-BFCD40631850}.exe
        97⤵
        Drops file in Windows directory
        
        PID:5076
        
        C:\Windows\{2DE4009E-4390-432f-9F11-55E38CF7ABF9}.exe
        
        C:\Windows\{2DE4009E-4390-432f-9F11-55E38CF7ABF9}.exe
        98⤵
        
        PID:3852
        
        C:\Windows\{A1A00A11-FAFD-4d5f-BEA5-A121D27DACFD}.exe
        
        C:\Windows\{A1A00A11-FAFD-4d5f-BEA5-A121D27DACFD}.exe
        99⤵
        
        PID:4120
        
        C:\Windows\{DD6C00A7-7556-497b-A1E0-E76951778B81}.exe
        
        C:\Windows\{DD6C00A7-7556-497b-A1E0-E76951778B81}.exe
        100⤵
        
        PID:1380
        
        C:\Windows\{D5311A15-3F09-42b0-A014-90CEDF176D8B}.exe
        
        C:\Windows\{D5311A15-3F09-42b0-A014-90CEDF176D8B}.exe
        101⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2368
        
        C:\Windows\{DE83BBF7-D6A6-4a85-B378-AC648CD57B0E}.exe
        
        C:\Windows\{DE83BBF7-D6A6-4a85-B378-AC648CD57B0E}.exe
        102⤵
        Modifies Installed Components in the registry
        
        PID:2824
        
        C:\Windows\{737C6727-4962-4007-8143-F970BB4ADCDD}.exe
        
        C:\Windows\{737C6727-4962-4007-8143-F970BB4ADCDD}.exe
        103⤵
        Drops file in Windows directory
        
        PID:4112
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{737C6~1.EXE > nul
        104⤵
        
        PID:1640
        
        C:\Windows\{E349FAB7-CF46-480e-9ADF-84915D72F84B}.exe
        
        C:\Windows\{E349FAB7-CF46-480e-9ADF-84915D72F84B}.exe
        104⤵
        Modifies Installed Components in the registry
        
        PID:4220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{E349F~1.EXE > nul
        105⤵
        
        PID:3584
        
        C:\Windows\{1D84CCD2-569E-492e-BFE5-854441AE7D55}.exe
        
        C:\Windows\{1D84CCD2-569E-492e-BFE5-854441AE7D55}.exe
        105⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2828
        
        C:\Windows\{94CB4ECC-9723-45be-BF96-3EC4B6998D3A}.exe
        
        C:\Windows\{94CB4ECC-9723-45be-BF96-3EC4B6998D3A}.exe
        106⤵
        Drops file in Windows directory
        
        PID:2460
        
        C:\Windows\{731E225D-A552-4d5a-9568-B2061013DE65}.exe
        
        C:\Windows\{731E225D-A552-4d5a-9568-B2061013DE65}.exe
        107⤵
        Drops file in Windows directory
        
        PID:1988
        
        C:\Windows\{02D2C06E-B632-46d9-A40A-15BDAF3C6F62}.exe
        
        C:\Windows\{02D2C06E-B632-46d9-A40A-15BDAF3C6F62}.exe
        108⤵
        Modifies Installed Components in the registry
        
        PID:2616
        
        C:\Windows\{E7B06599-4262-4205-9607-6F8E1CAE72B3}.exe
        
        C:\Windows\{E7B06599-4262-4205-9607-6F8E1CAE72B3}.exe
        109⤵
        Drops file in Windows directory
        
        PID:4312
        
        C:\Windows\{75FB6AE7-6B3C-4c10-B3FC-BBC0B64ADD3F}.exe
        
        C:\Windows\{75FB6AE7-6B3C-4c10-B3FC-BBC0B64ADD3F}.exe
        110⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{75FB6~1.EXE > nul
        111⤵
        
        PID:2244
        
        C:\Windows\{144EF226-81D8-4cdc-98DC-64F554016DA7}.exe
        
        C:\Windows\{144EF226-81D8-4cdc-98DC-64F554016DA7}.exe
        111⤵
        Drops file in Windows directory
        
        PID:3768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{144EF~1.EXE > nul
        112⤵
        
        PID:640
        
        C:\Windows\{53E3F65C-59AA-4619-AC18-9FEB0089B6E4}.exe
        
        C:\Windows\{53E3F65C-59AA-4619-AC18-9FEB0089B6E4}.exe
        112⤵
        
        PID:1928
        
        C:\Windows\{B618FB7A-12CA-4435-ADA2-D5D8A8E6D7D9}.exe
        
        C:\Windows\{B618FB7A-12CA-4435-ADA2-D5D8A8E6D7D9}.exe
        113⤵
        Modifies Installed Components in the registry
        
        PID:4760
        
        C:\Windows\{5560D454-8CA9-4044-88DE-B9C478571C17}.exe
        
        C:\Windows\{5560D454-8CA9-4044-88DE-B9C478571C17}.exe
        114⤵
        
        PID:3488
        
        C:\Windows\{98A5A819-CB40-4dee-995A-1FC2F658A54F}.exe
        
        C:\Windows\{98A5A819-CB40-4dee-995A-1FC2F658A54F}.exe
        115⤵
        Modifies Installed Components in the registry
        
        PID:2180
        
        C:\Windows\{D024CBB8-7AEC-45ba-9C76-C62420B0660A}.exe
        
        C:\Windows\{D024CBB8-7AEC-45ba-9C76-C62420B0660A}.exe
        116⤵
        Drops file in Windows directory
        
        PID:1568
        
        C:\Windows\{125CA564-FFA1-4524-B7AB-E86BA73A21A1}.exe
        
        C:\Windows\{125CA564-FFA1-4524-B7AB-E86BA73A21A1}.exe
        117⤵
        
        PID:4296
        
        C:\Windows\{C469E80C-C08B-4a02-8CB8-D5BE7F2F4BDF}.exe
        
        C:\Windows\{C469E80C-C08B-4a02-8CB8-D5BE7F2F4BDF}.exe
        118⤵
        
        PID:392
        
        C:\Windows\{5F0CD1E8-A199-45cd-9378-7BD6640E4FCA}.exe
        
        C:\Windows\{5F0CD1E8-A199-45cd-9378-7BD6640E4FCA}.exe
        119⤵
        
        PID:512
        
        C:\Windows\{63ED721B-2B41-4a7f-8CB5-B1C8E67BFBE5}.exe
        
        C:\Windows\{63ED721B-2B41-4a7f-8CB5-B1C8E67BFBE5}.exe
        120⤵
        
        PID:2768
        
        C:\Windows\{71E38D6F-7593-4c14-9E91-D2E7412BD345}.exe
        
        C:\Windows\{71E38D6F-7593-4c14-9E91-D2E7412BD345}.exe
        121⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:3260
        
        C:\Windows\{69FB88E5-686D-496e-8E70-4E655AB52EFA}.exe
        
        C:\Windows\{69FB88E5-686D-496e-8E70-4E655AB52EFA}.exe
        122⤵
        
        PID:3680
        
        C:\Windows\{192A0F91-C351-46fe-9738-F24E5E96E1D8}.exe
        
        C:\Windows\{192A0F91-C351-46fe-9738-F24E5E96E1D8}.exe
        123⤵
        Modifies Installed Components in the registry
        
        PID:2928
        
        C:\Windows\{75B95ED2-07D4-4d12-BB1D-8FE1457AEB4C}.exe
        
        C:\Windows\{75B95ED2-07D4-4d12-BB1D-8FE1457AEB4C}.exe
        124⤵
        
        PID:3636
        
        C:\Windows\{1FEBE480-6D18-419d-8037-73D2D9148FA8}.exe
        
        C:\Windows\{1FEBE480-6D18-419d-8037-73D2D9148FA8}.exe
        125⤵
        
        PID:2388
        
        C:\Windows\{04177901-5F31-48a9-907E-707A1A94D557}.exe
        
        C:\Windows\{04177901-5F31-48a9-907E-707A1A94D557}.exe
        126⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{04177~1.EXE > nul
        127⤵
        
        PID:2432
        
        C:\Windows\{D75FF857-D7DC-4106-B547-E4921909B342}.exe
        
        C:\Windows\{D75FF857-D7DC-4106-B547-E4921909B342}.exe
        127⤵
        
        PID:4404
        
        C:\Windows\{C1F40730-B92A-48c2-8086-378CA4998F94}.exe
        
        C:\Windows\{C1F40730-B92A-48c2-8086-378CA4998F94}.exe
        128⤵
        Drops file in Windows directory
        
        PID:4776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{C1F40~1.EXE > nul
        129⤵
        
        PID:3040
        
        C:\Windows\{B7C1686F-DB7D-443d-8876-7CF2C2AE575B}.exe
        
        C:\Windows\{B7C1686F-DB7D-443d-8876-7CF2C2AE575B}.exe
        129⤵
        
        PID:3028
        
        C:\Windows\{6B773698-C6BA-4d8a-95C6-87D6D4DDD131}.exe
        
        C:\Windows\{6B773698-C6BA-4d8a-95C6-87D6D4DDD131}.exe
        130⤵
        Drops file in Windows directory
        
        PID:1196
        
        C:\Windows\{C4D9C35D-D2F3-4bcb-9593-13C77923E3F1}.exe
        
        C:\Windows\{C4D9C35D-D2F3-4bcb-9593-13C77923E3F1}.exe
        131⤵
        Drops file in Windows directory
        
        PID:2152
        
        C:\Windows\{CAD7BFE8-55A3-433b-AFB8-9DD39EF29274}.exe
        
        C:\Windows\{CAD7BFE8-55A3-433b-AFB8-9DD39EF29274}.exe
        132⤵
        
        PID:2064
        
        C:\Windows\{D9EA5650-CBC0-4c34-B47E-F015AD40E488}.exe
        
        C:\Windows\{D9EA5650-CBC0-4c34-B47E-F015AD40E488}.exe
        133⤵
        
        PID:216
        
        C:\Windows\{F1121953-E275-4a42-A03B-5553BEDD1DB1}.exe
        
        C:\Windows\{F1121953-E275-4a42-A03B-5553BEDD1DB1}.exe
        134⤵
        Drops file in Windows directory
        
        PID:3548
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{F1121~1.EXE > nul
        135⤵
        
        PID:1280
        
        C:\Windows\{1DD9C550-B543-4be1-A4FC-38859B61A32A}.exe
        
        C:\Windows\{1DD9C550-B543-4be1-A4FC-38859B61A32A}.exe
        135⤵
        Drops file in Windows directory
        
        PID:3016
        
        C:\Windows\{5A495F7A-4466-4868-8B53-4D54BE7CEAE1}.exe
        
        C:\Windows\{5A495F7A-4466-4868-8B53-4D54BE7CEAE1}.exe
        136⤵
        
        PID:2544
        
        C:\Windows\{2120F130-7ADB-4dfc-A946-DB18F5398894}.exe
        
        C:\Windows\{2120F130-7ADB-4dfc-A946-DB18F5398894}.exe
        137⤵
        Drops file in Windows directory
        
        PID:1948
        
        C:\Windows\{FF57100F-EB19-4775-9662-FDDF79F2E8CC}.exe
        
        C:\Windows\{FF57100F-EB19-4775-9662-FDDF79F2E8CC}.exe
        138⤵
        Modifies Installed Components in the registry
        
        PID:2136
        
        C:\Windows\{5F5B32A3-917C-4f7b-A599-09EB1F21FF40}.exe
        
        C:\Windows\{5F5B32A3-917C-4f7b-A599-09EB1F21FF40}.exe
        139⤵
        
        PID:2948
        
        C:\Windows\{C77AF4B3-D8CD-485e-8850-863221E1AD21}.exe
        
        C:\Windows\{C77AF4B3-D8CD-485e-8850-863221E1AD21}.exe
        140⤵
        Modifies Installed Components in the registry
        
        PID:4328
        
        C:\Windows\{DF6697DB-1980-47c9-B84A-368856B0217F}.exe
        
        C:\Windows\{DF6697DB-1980-47c9-B84A-368856B0217F}.exe
        141⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{DF669~1.EXE > nul
        142⤵
        
        PID:3404
        
        C:\Windows\{64F984EB-DFAC-446f-A1E3-6A50846F7826}.exe
        
        C:\Windows\{64F984EB-DFAC-446f-A1E3-6A50846F7826}.exe
        142⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2052
        
        C:\Windows\{15B3CC06-E7A8-45de-8C99-DB550EC6DA1A}.exe
        
        C:\Windows\{15B3CC06-E7A8-45de-8C99-DB550EC6DA1A}.exe
        143⤵
        Modifies Installed Components in the registry
        
        PID:5088
        
        C:\Windows\{E8CB97F1-E987-438e-8F59-9E463BF94E7E}.exe
        
        C:\Windows\{E8CB97F1-E987-438e-8F59-9E463BF94E7E}.exe
        144⤵
        Drops file in Windows directory
        
        PID:1200
        
        C:\Windows\{89BDF0F6-22D8-4073-A2ED-348FB142F1AB}.exe
        
        C:\Windows\{89BDF0F6-22D8-4073-A2ED-348FB142F1AB}.exe
        145⤵
        Modifies Installed Components in the registry
        Drops file in Windows directory
        
        PID:2728
        
        C:\Windows\{EAB514E0-5517-437c-8163-B2A09EE7F38D}.exe
        
        C:\Windows\{EAB514E0-5517-437c-8163-B2A09EE7F38D}.exe
        146⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{89BDF~1.EXE > nul
        146⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{E8CB9~1.EXE > nul
        145⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{15B3C~1.EXE > nul
        144⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{64F98~1.EXE > nul
        143⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{C77AF~1.EXE > nul
        141⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5F5B3~1.EXE > nul
        140⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{FF571~1.EXE > nul
        139⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2120F~1.EXE > nul
        138⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5A495~1.EXE > nul
        137⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{1DD9C~1.EXE > nul
        136⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{D9EA5~1.EXE > nul
        134⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{CAD7B~1.EXE > nul
        133⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{C4D9C~1.EXE > nul
        132⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{6B773~1.EXE > nul
        131⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{B7C16~1.EXE > nul
        130⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{D75FF~1.EXE > nul
        128⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{1FEBE~1.EXE > nul
        126⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{75B95~1.EXE > nul
        125⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{192A0~1.EXE > nul
        124⤵
        
        PID:228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{69FB8~1.EXE > nul
        123⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{71E38~1.EXE > nul
        122⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{63ED7~1.EXE > nul
        121⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5F0CD~1.EXE > nul
        120⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{C469E~1.EXE > nul
        119⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{125CA~1.EXE > nul
        118⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{D024C~1.EXE > nul
        117⤵
        
        PID:728
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{98A5A~1.EXE > nul
        116⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5560D~1.EXE > nul
        115⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{B618F~1.EXE > nul
        114⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{53E3F~1.EXE > nul
        113⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{E7B06~1.EXE > nul
        110⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{02D2C~1.EXE > nul
        109⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{731E2~1.EXE > nul
        108⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{94CB4~1.EXE > nul
        107⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{1D84C~1.EXE > nul
        106⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{DE83B~1.EXE > nul
        103⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{D5311~1.EXE > nul
        102⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{DD6C0~1.EXE > nul
        101⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{A1A00~1.EXE > nul
        100⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2DE40~1.EXE > nul
        99⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{47F3B~1.EXE > nul
        98⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{6CA67~1.EXE > nul
        97⤵
        
        PID:768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{08EB6~1.EXE > nul
        95⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{6BCB9~1.EXE > nul
        94⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2AAB0~1.EXE > nul
        93⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{419DD~1.EXE > nul
        92⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{9072B~1.EXE > nul
        91⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{C4B62~1.EXE > nul
        90⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{1A346~1.EXE > nul
        89⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{B1B19~1.EXE > nul
        88⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{7FB6B~1.EXE > nul
        87⤵
        
        PID:468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{8C583~1.EXE > nul
        86⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{F80D0~1.EXE > nul
        85⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{AD3A5~1.EXE > nul
        84⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{6196E~1.EXE > nul
        83⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{A6722~1.EXE > nul
        80⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2EA59~1.EXE > nul
        79⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{A010B~1.EXE > nul
        78⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{F7588~1.EXE > nul
        77⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{85100~1.EXE > nul
        75⤵
        
        PID:688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{67FA5~1.EXE > nul
        74⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2D42F~1.EXE > nul
        73⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{BF97D~1.EXE > nul
        72⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{FEBA6~1.EXE > nul
        71⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{9BE1C~1.EXE > nul
        70⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{01CBC~1.EXE > nul
        69⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{048DE~1.EXE > nul
        68⤵
        
        PID:644
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5F05B~1.EXE > nul
        67⤵
        
        PID:232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{3561D~1.EXE > nul
        66⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5D240~1.EXE > nul
        64⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{3C413~1.EXE > nul
        63⤵
        
        PID:468
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{CF5C5~1.EXE > nul
        62⤵
        
        PID:816
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{193CD~1.EXE > nul
        61⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{F2636~1.EXE > nul
        60⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{DC610~1.EXE > nul
        59⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{1BE5E~1.EXE > nul
        58⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{D4C57~1.EXE > nul
        57⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{51044~1.EXE > nul
        56⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{DAA70~1.EXE > nul
        55⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{28CF5~1.EXE > nul
        53⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{EEA91~1.EXE > nul
        52⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{476D9~1.EXE > nul
        51⤵
        
        PID:400
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{C1990~1.EXE > nul
        50⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{EBE7B~1.EXE > nul
        49⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{6F9D0~1.EXE > nul
        48⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{C694E~1.EXE > nul
        47⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{9901F~1.EXE > nul
        46⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{9BCEB~1.EXE > nul
        45⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{93080~1.EXE > nul
        44⤵
        
        PID:64
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{06117~1.EXE > nul
        43⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{1071F~1.EXE > nul
        42⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{60B90~1.EXE > nul
        41⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{D4B32~1.EXE > nul
        39⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{614AD~1.EXE > nul
        38⤵
        
        PID:228
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{1B9AE~1.EXE > nul
        37⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{1999E~1.EXE > nul
        36⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{D82E7~1.EXE > nul
        35⤵
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{A30E4~1.EXE > nul
        34⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{9CF9B~1.EXE > nul
        33⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{02341~1.EXE > nul
        32⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{67F9B~1.EXE > nul
        31⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{F2BAF~1.EXE > nul
        30⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{15E94~1.EXE > nul
        29⤵
        
        PID:688
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{8D6E1~1.EXE > nul
        28⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{09C11~1.EXE > nul
        27⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{14C76~1.EXE > nul
        26⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5D491~1.EXE > nul
        25⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{4264E~1.EXE > nul
        24⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{A83C2~1.EXE > nul
        23⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{606D3~1.EXE > nul
        22⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{63014~1.EXE > nul
        21⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{19B60~1.EXE > nul
        20⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{94182~1.EXE > nul
        19⤵
        
        PID:8
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{70C7E~1.EXE > nul
        18⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2F7AC~1.EXE > nul
        17⤵
        
        PID:680
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{37805~1.EXE > nul
        15⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{0A8B2~1.EXE > nul
        14⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{959DE~1.EXE > nul
        13⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{AB8A8~1.EXE > nul
        12⤵
        
        PID:516
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{439AD~1.EXE > nul
        11⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{5543F~1.EXE > nul
        10⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{B2E76~1.EXE > nul
        9⤵
        
        PID:728
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{99C24~1.EXE > nul
        8⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{237C8~1.EXE > nul
        7⤵
        
        PID:624
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{7A9B3~1.EXE > nul
        6⤵
        
        PID:4972
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{513EE~1.EXE > nul
        5⤵
        
        PID:904
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Windows\{75B8C~1.EXE > nul
      4⤵
      PID:4252
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\{DF391~1.EXE > nul
    3⤵
    PID:5000
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
  2⤵
  PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\{0234127B-A3A3-49bb-A4C6-5BCC85DC5C90}.exe

Filesize
372KB

MD5
e0bd80de419b13e28b99b3150d1d0dad

SHA1
a042f84dfa1616349d496dafdb4f73e674c3bf63

SHA256
1fb49fb52b2f8dde76d05a2a641b29ff0f1be12967a9dc80e5b564fa26b136f9

SHA512
633772811af9c008f4938b589b772c43bc9a060efca24eb9383f992be738d5ce65e480bc66823c900f81fb8f110d2148d5f90a01453664e37dce2e87ce226d27

Download Submit
C:\Windows\{09C11BC6-B250-483c-99D1-B2149096182D}.exe

Filesize
372KB

MD5
3af78fceca0a1b29cc5290851d4e9d76

SHA1
7ae132e9af64897a38824dde1e12fa2e1510cb5e

SHA256
16d676867a68f2f8ed0935cfbcd6a9966833e2a8363a841494fb6334bd957ec0

SHA512
c5e454ed54d4da40a3fca91cd3b71973120b72ddd0e068cd7fae84e460190971bb7f478a2ce5519bc18ef8cd2a00a3ff39a6d585de04b4ce33f99acb68caf8ce

Download Submit
C:\Windows\{0A8B2D1B-E5BD-4f96-929A-6AC01CB2FDF9}.exe

Filesize
372KB

MD5
b1bd1935f8548f3e2bace3ee117f082a

SHA1
00068c1d51320ddce0b0cab5f1cd514f5a87b6f3

SHA256
e27dfeab607da6e6e595b9835846b46e4e2cd8b8d6d7e6ea095c9ef14e0d269e

SHA512
df0446441d7e949de0b1813e149ccabe66dd1e12cecad296d1a54d45742fa87c62f9bb30e3a41cfe954e9b2ea692df8b46350d59a5a8e9ae6ac7bdb2675e7d2c

Download Submit
C:\Windows\{14C764DF-6268-4c96-A63C-74C5ED126149}.exe

Filesize
372KB

MD5
8ac6dea6ca27911b231c5a234a997e85

SHA1
b764dc1772815503b19aa17dfbbc0907ee2e7456

SHA256
2384e9e71be266cb6f224bccd3ad631146138aa64acb86c1dc2b84bc91375780

SHA512
9f8b3861e51779005c29ad069808190d79f9baa3cb0a083e89907b28600969c4e4727340381e4e4fb89ae8fccff6025db7b6e903fbd1b08d25db73f4ee169d6c

Download Submit
C:\Windows\{15E94F3D-49DC-4aa3-AE56-1B1892ED59A6}.exe

Filesize
372KB

MD5
cdde24de345432a6e037ca1313c38ea4

SHA1
f23505750e6e6ee7362cb14fdd34f7a0ff5a956f

SHA256
5f4e8a38d177b1edb271947072e57d5e75afb1b181d00bccc255e105b5d297bb

SHA512
a71c2a05ca819ad7cd4b11ec6410e0e20cb6be42017c9516edfb78074d28a03923c2d8b2fe46045047e95bad086249f5fb591b37d4fda162398d1d0bdb155415

Download Submit
C:\Windows\{19B60F16-64BD-41db-8392-2708B94BEE97}.exe

Filesize
372KB

MD5
0f37f5cd4ce0bbc1e08e94c058257cd6

SHA1
aeae02420766d403a72f52dd486be9d5f9b303f5

SHA256
d208e013ce6fe80eaa4afb8d978b06679247b39d81c741e9aced127054596f8c

SHA512
89687340a9bf1d21c1b8753ad12c9613f007452dfdc3443f7cd289eb542d2a5fbffedd6343fe5dbc2197eea7d448f72ef2500a334c827c480aa5983eead6607e

Download Submit
C:\Windows\{237C8625-C7F6-4cea-A878-CFAD46A46447}.exe

Filesize
372KB

MD5
e0ad53a13b71296e9a5576efebc731a2

SHA1
cd0fc3ae42e04043158dfe97cacf6a88a37e52be

SHA256
a6db4a4ef5d508259d766d2c302040791dd1d71026ceaf88da122c59f1134c03

SHA512
308ce290448f9cd488dc84a65cf909af3dfe461f901aada48995adb9b40036c5916c78543ff1b1b448946cacdeb20875b1e9c840199d9022b1b98a7fa97367ee

Download Submit
C:\Windows\{2F7AC9A9-7AA0-4132-AF87-1401E3D10BBF}.exe

Filesize
372KB

MD5
82785ecaf0acd496a9d54552f2077ae1

SHA1
e3b0246bed6d01a70810f56e18e1417624a81a81

SHA256
ae2d486e9b467167e0bca58a2f8863976f377809b67043365420a9e47a626e70

SHA512
6aed251e4ae31c99786f26f97b3d7bb60c4d21b405b67222b98c43e85ae70e03f27e76404cbaa4679cc8d0f2ec51e5cf28a8eeb6bbf604e54733ec931e37d977

Download Submit
C:\Windows\{37805C89-366E-4f86-B630-9FA5D3D5603D}.exe

Filesize
372KB

MD5
65edba9e39abdda9cba1668c62a6dc34

SHA1
5f1532b790fded5184b9f1b396933a19d0442b7c

SHA256
f7bcb0026e39b52f9bc2e6c8ff835bf4d92f5683ba290ba99830517802e683a3

SHA512
c2fc38ec82167810ffe24ffbda1f4be128e1e05a3a8c7dc915bdceee3bb6b553c92d068cde6faa8fe2c527fd3478b63d509d1f8b84d3c62cdf827233ab4af9e0

Download Submit
C:\Windows\{4264E937-895A-4d8c-B737-883D14044E25}.exe

Filesize
372KB

MD5
9a0c3125a9df1b6fcfe36ad816cf7b83

SHA1
0a62a098008b40f6df482ded13587e40e670e6bb

SHA256
7ea81801e0ff97818d4dc13f69f3a7a45cb14e10768cab1df0eb90a03659938f

SHA512
9bac023f9e8c2e1a5c5ae77a39ba3ce1ddf6f3fd6b11c858bf73deda26095916a2c5dc82431c34822b1217f1b6dbfa84017e840cdd2af955adf7c00375726039

Download Submit
C:\Windows\{439ADDF5-3153-4332-B3EC-5CEDB2BE56EF}.exe

Filesize
372KB

MD5
2bf28b2c5774874473493d0c2627d017

SHA1
985845aee011f476c4a280121940238c75b12e77

SHA256
15800fe673e1897b6d1ff1dfcdb84794fc33f2241810e7863efa146cd3647f58

SHA512
90c3c3ecfeca548d99e65f5b550f02985df48bbbbba0ecde9b22596e6f211beb5d5de6f46c426bbdad295b6ff4da22d1806cbeb306808e26d9763f612b74e136

Download Submit
C:\Windows\{513EEFE1-C9B8-4611-A61C-64A38814348C}.exe

Filesize
372KB

MD5
d7b262e03b26286da53c045d2ae73ff8

SHA1
dcd442af6c27901b400d31f9413f3e1b2bca615d

SHA256
4d4dacecc49549928af47e80b41f64d4e19aa26cb1274e57c56e345f29c414ac

SHA512
e30b8af64b2fcbec30dce53bf7903f42889822ce066190cbb5a63e488ab155685a68da3e6a35b2331058c860b0c056d67362e8fca392b0b67e87e6440e840d81

Download Submit
C:\Windows\{5543F531-65C6-4c69-9C10-8A739103E095}.exe

Filesize
372KB

MD5
148c59d66ee1c55f92bb974f6be229b2

SHA1
53bf2e7128caffe8c525e87c281e95e89cbb2a60

SHA256
a3d906b73e58b098f59c1146dff504e4b3babe300319d738b414137336b9968a

SHA512
6f47a997a508645d38432fa743b5fede1917af1fe6881f6d5a5da3de3bf0267304ee71475fd0be8a334608d20981c4127054ed7ec884fb86430c28521e03396a

Download Submit
C:\Windows\{5D491113-9898-47e3-AF2B-CEC1E70634A0}.exe

Filesize
372KB

MD5
1d8845e72a69708a15139d73aedc0996

SHA1
77e45d1303a9727bbf1cb606fa0d9802f656302e

SHA256
a6d19170d9e169e5ea35ce6fefb8715859b829d7c9290ea24b65f278d89db52a

SHA512
afbba4d8bc2f216834e95bba0f78746e704f0aa693e1203ebeb77c7f803a945cf179f9769671ec89cbf0166efea58cf1caf80d36da766aa48b7845ad82c7fb64

Download Submit
C:\Windows\{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe

Filesize
256KB

MD5
f64a86b6e43fba30cadf1eaa158b51e5

SHA1
6e4aadb242d6d3e3c4004fd6f7cd2185779f873c

SHA256
71c562e6f01db29ebf33f570c3396d269def1c7078646f950fa6ed6241287f66

SHA512
59197e10ab144edd8976fe64441ffc65f02ae9c3b56f8d5ef22af1ae845a5a36ef1f344e25002b63811f3cb957990b14dc1a35624c3c31350a96fd95f91b5ef4

Download Submit
C:\Windows\{606D3A8D-EDF3-4927-942C-C3595E7E97B4}.exe

Filesize
193KB

MD5
1d723cb663bb0a983a5d22b08c2fd94f

SHA1
185f4e64072106d5db162f7ea431a09c6c92adbe

SHA256
4814c4c33ee718d88b07a18ab02795877459d23b9ec4c78f7894f0d12f8f520e

SHA512
a0f238b090c7f27617aac4a02fc5ef471682234752d6151e84ad1d4622caccd832c2d11684d41d566ca3dc713a61553eed7da0660233d187e164774d2cb98d6f

Download Submit
C:\Windows\{630143E4-47E8-4d86-9A6A-345982EF544D}.exe

Filesize
372KB

MD5
4c5275d6f7db062be8699a30750709a2

SHA1
5752711987b399672730ee6cbc79b8dd06488e83

SHA256
27295781ad45dce1c8cec15f5aa1837dfd7a102bf4f6fa111719e9b42aa8c605

SHA512
b06d67fda3a3a5a5113923c6a7f81c07fe8d82c25dd6809a0bf73729ee4d4a5d1f1f4c7ee6afedee6bc07df3f86b7a9b9e1a8753e9c6e23426e452c2f5f10902

Download Submit
C:\Windows\{67F9BD7B-8666-49c8-A45C-70BEF2503590}.exe

Filesize
372KB

MD5
d20e58edf78e2fd29fb9824efd68ac56

SHA1
c38fd9385fc0898fc088a93554da764840cf6d17

SHA256
19bef8ac40e5a0a21a6429bcec5589bc1a399083596a08f5c1f30e94eac25bd5

SHA512
f278f3f22d4c2e05c9ff13e49c4465c7a549ce4fa87efdbd482d45750666bcb1f6be7d9db4aa9b04dbf8d9507b45d44f8ad941ef15c2c7e84be4900744530830

Download Submit
C:\Windows\{69A6DCFA-7E85-4695-994E-6C035CCDA1F6}.exe

Filesize
372KB

MD5
fee6979c8543b01246912e0d7a8afab6

SHA1
d4066fb318dbcdded9ea71e8c72234b71faf6a26

SHA256
e2a207a801027cd04e362e4ca88ee02013cdf07587d6836ec0cbac672f951289

SHA512
642d554a6cf1b16e451fe7225f2107851bc5c6b42420f86c5aa0183c5385897cd03bf381ddbe467163a8514abbc1d444e9aedd5a409ca645ad773f32d94f77c9

Download Submit
C:\Windows\{70C7EC87-AAA2-41f8-9CB1-3C396F8E0017}.exe

Filesize
372KB

MD5
4b818910c35594657e61afe5d072287e

SHA1
f9e8d60362c6c6f2c0c55bc815a1cc93616e6f72

SHA256
06f186a65da6664ca81d15e114ffc7fe1c4fb991671fabb66ab99e73666d4b78

SHA512
e15d6528fd21f5fee3a577d44100723570c5a9981c18d34d26955cece0f067d68000182b397b70bb610eb9ff07a340c1a48c80072db49b8999843f9de2a5bbcf

Download Submit
C:\Windows\{75B8C948-0A7D-4364-8726-08CE364C99B9}.exe

Filesize
372KB

MD5
834ad846637b550c3cd7b27e49f467ce

SHA1
0e18d05a10896082aadd46b4fe3d40f75f4473e6

SHA256
1249485596f55ec4092cd1dba89518c50a3b59bdd98f2e2f004096bc3f1e3a5b

SHA512
c5c02b4ff9bb30fbc4c94b8b3b34a7616ac3a24ec41fa41e34915c42c5f58c0abfd4d2c3276a9adbe9a4aa826bc977843dc3b88ab43aa0f8d07b961d4cd7b700

Download Submit
C:\Windows\{7A9B336D-2183-4406-B391-437BC7E17D67}.exe

Filesize
372KB

MD5
4d685dcfd3fb43ad75473ab373c744b0

SHA1
8b1535512eb61a2caea0b805aa1307b682b03310

SHA256
862b0a0500ad1770c734ace5ecd749218e499ac26097f8e743db13913428e5d4

SHA512
9909d5503406ccf1fb20273abab8142cfb494a5df9419dae39adc0e20043066e9012b4eefb22aa70424fa29d8cf28f651165ab5b65ae1534abdb4ede145d2a0c

Download Submit
C:\Windows\{8D6E1E72-155A-433a-9271-3FC806E134DF}.exe

Filesize
372KB

MD5
9af44577e7684c0708472c472c9037fa

SHA1
0e0674918ebb8e4eec0fd9fb4879456a9aa31062

SHA256
af8341d29595312d032d6b3522002a75fa9a18070e30693b54bef54e7e42e3b5

SHA512
24686e71b3e48d4675bd22733a66f11802beb9ba535e98896dbe9a07bc7f58c667da373d3ac8f69c5fe9647b7f582c1853cde5ea8e0816bd141d941d3ee65b99

Download Submit
C:\Windows\{94182851-CAD0-4ac7-A23E-F0A5CAFE8A77}.exe

Filesize
372KB

MD5
b62f2989c1041e6e977f372048e7d04a

SHA1
dac871da0cb76b50ea894c4efb6d29a448ba2af2

SHA256
20659b1debe7b8672a6828e4692b21de28e82ba04fa83afe892972ec662204f7

SHA512
fa85ead2ede7fdd1f17152c33ca90856f2055ce438c32399b3eba41140c4dd8aed75c7ea640c5d2313e385d9a9e61c15e72357ab9b4b243d1c9e0e533f2da9d8

Download Submit
C:\Windows\{959DE87C-ADB1-408d-A76A-B94415F96EA3}.exe

Filesize
372KB

MD5
0ccf7b65b68baeeb6b72173830051ca6

SHA1
277c38e4d34ea904a6d7b585557ce347ff1aa500

SHA256
97ec728090f53ca1b263296e581647ddd8b3db2d59ac448661cce421082852cd

SHA512
85719c464c11c20c2c1c1d93480466b934c7784caf9eeccc74ec4a5a1b9c15ab5f3cf90e32d704cdaf8ebfed1ef62fc0b03f41dfb67481f1331bea1ed99c5f9e

Download Submit
C:\Windows\{99C24AA5-3F97-49e8-A47F-E14FDCC0E032}.exe

Filesize
372KB

MD5
5f38df3907c4b352ea83493de78be627

SHA1
107c03d030e3c7e93fea60272ed9fc0fdbdae12f

SHA256
f6d1db5f11cdfb7fd1138a63703ff328a39c25ec25d80cfc3cf29b186899db3e

SHA512
deadd124fd340899a960c987f172359d0179cf0e5a1d9bf659b011da6700e8ba5a0bf2f036fc7c4e111059a7a613d34f4385a31ed576f17761bd09979cad015b

Download Submit
C:\Windows\{9CF9B743-4A04-47b9-91FB-469C85AFD002}.exe

Filesize
372KB

MD5
78ab956fa1ea4e4dc84fdb79c8d66b32

SHA1
e677a766fffda8349b70fe52576d1d3b6995db2e

SHA256
3877e1e98f83b2a289392d402a52c886e08867f50c43cab8b7dfee7b26b2e6e2

SHA512
61e44c2f53dbc7fbc1e4997df1dc26aa4e00ab36924f558d8e56252dead90fb35516fa6d69d0d6a167fe1f04cd6fc38de0dba5b442afc5c646152e05861871e0

Download Submit
C:\Windows\{A30E4369-FBA5-4329-BDA2-5205DD9A56A0}.exe

Filesize
372KB

MD5
a7470b1c6f0ffbc11b08fea71459a4a0

SHA1
e29802a23be8bf21e654110ec55753e3a50087b9

SHA256
9c47357aaac27013ce9c25a8b28bcc7a748648f685d186b0554f60ca0abf5614

SHA512
d937673eeb30689153fd817d6955d4046e7af185f2f92968d437e3c5534facf14cada2d08469629379115ff8e9a42d049926b289f91c1499b75074ea3fb501d7

Download Submit
C:\Windows\{A83C2E07-4279-447f-ADD4-2DD8CC36D686}.exe

Filesize
372KB

MD5
2aceaf6b8b6add7a8d988f34d65158dc

SHA1
d81859ab701f976c3ea2b11bc07960d6a248c9f9

SHA256
f334f8c8690da5c6aca9252e8ba6d5959bafe1415eecac7f8cce231efdd9d034

SHA512
cb3fdf66d6e5a08c0324b47f2c9d1812236ae70cef39502c6a4b232cae92129a7548fab8010f8944db8db6a6bedd4b03cb1466d713887fba985ce105740740c9

Download Submit
C:\Windows\{AB8A8841-D03B-4e30-AD8A-6ADACFC7C4DF}.exe

Filesize
372KB

MD5
9214f6397c0b75116236aab424622d0f

SHA1
34d5e633383c6e67e30a4652c9ee34b9cfddfbf9

SHA256
350b9fd3597077440ebc814e6115f9f35d8803ca70b0e9975f8855780fc2ef32

SHA512
f29676801865c0cb26c4930100355941292939b7299667f7424c9f52926536f4277e4d802da735be9ff4a05a75bbe10107907f9aca4098f9b831b0efefa812a5

Download Submit
C:\Windows\{B2E76142-471E-404a-BFE2-553C6A37A7D0}.exe

Filesize
372KB

MD5
345a9ea8b467d259eff6fccab06224a6

SHA1
6291a4636731d2891ca080f906760dece2b26297

SHA256
68a4ed6ccfb6ccfda4313c15b839e8bc3b9c2767651b3eb2e9df1027a633aabc

SHA512
539b94868dd25fdaeb7be100aaeb2b74a42b731e1f766b74bfee4c915a1f750da4180cdd5340fc3476f1851889e3375ac71c5b773e65f417caa11cbd9fb43814

Download Submit
C:\Windows\{DF3916CA-9524-495c-92C0-28EF774EC1CB}.exe

Filesize
372KB

MD5
0512299aa15de4589337282cf6ad3f3a

SHA1
9cd0d3a01964624939e91c27f4b2b0ef6d321621

SHA256
44c951e08b4f4b360c0470c1d2e5814e6ecdc74e2c1cca05fb85e9b01501605c

SHA512
ce6af1cd0e384c0c822e644605b56043e333efd08a21c504a48806fffc7dd98cf73e45bbbf0dbdd8ebad24d1bc737c14373898d762c527ee6dc8903ed2a77f5d

Download Submit
C:\Windows\{F2BAF08F-F96A-43e4-BD8A-9B15AFF66510}.exe

Filesize
372KB

MD5
743dbc4edab0c9f284f844e1275343f1

SHA1
1e29434502ec56718e05e6ada134a9fb5eba8987

SHA256
f37aada2e00689b0d21f128945d87a6a22f7cd1808a4fdcdc624ebb70fa1b37b

SHA512
9f19c1a4b630c3160ffe211d85bc6ccf24b0c13d43b2bbf1245f5c6ef1a9564fe8ef6258095f4f2833043891fcda2ce6fcecdc898811ced3b506cf5d1e7476ef

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads