Analysis Overview
SHA256
9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992
Threat Level: Known bad
The file 9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992 was found to be: Known bad.
Malicious Activity Summary
Read together, the signatures below describe a chained dropper. Each stage writes a new executable named after a fresh GUID directly under C:\Windows, registers that GUID under HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components with a stubpath value pointing at the new file, executes it, and the new stage then removes its parent with cmd.exe /c del on the parent's 8.3 short name. Active Setup re-runs a registered stubpath at each user's next interactive logon; within the analysis window the last stage of each chain was neither deleted nor followed by a further stage, so it is the one left registered and on disk. The stages are 32-bit (their registry writes land under Wow6432Node, and the system32\cmd.exe they launch resolves to SysWOW64\cmd.exe), and writing to HKLM and C:\Windows requires administrative rights, which the sandbox's Admin account supplied. Every dropped stage has a different hash (see Files in each detonation), so file hashes are poor indicators; the Active Setup keys and the GUID-named executables in the Windows root are the durable ones. behavioral1 (Windows 7) ran 11 stages and recorded no network activity; behavioral2 (Windows 10) ran 12 stages, and the network rows it recorded are not attributed to any process.
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
The report lists no technique IDs. The recorded behaviour maps to T1547.014 (Boot or Logon Autostart Execution: Active Setup) for the Installed Components stubpath writes, and to T1070.004 (Indicator Removal: File Deletion) for the cmd.exe /c del of each predecessor stage.
Analysis: static1
Detonation Overview
Reported
2024-04-06 23:47
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 23:47
Reported
2024-04-06 23:49
Platform
win7-20240215-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9A5B7F9C-F1CC-4308-8A72-841D608134DD} | C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1D7967DA-C048-4b68-8FFA-05F885A504EE}\stubpath = "C:\\Windows\\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe" | C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{251E656D-2A9D-4ee9-95C1-E7430166BDCC} | C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}\stubpath = "C:\\Windows\\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe" | C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF} | C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02} | C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}\stubpath = "C:\\Windows\\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe" | C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1D7967DA-C048-4b68-8FFA-05F885A504EE} | C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{17E85704-1CFF-4da4-A70B-E292A7AA019D} | C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E31361BD-CE47-4da6-958D-C9DDB0FEF032} | C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}\stubpath = "C:\\Windows\\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe" | C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}\stubpath = "C:\\Windows\\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe" | C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}\stubpath = "C:\\Windows\\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe" | C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{296D62F2-7388-4349-8E9C-3CB44282905C}\stubpath = "C:\\Windows\\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe" | C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95} | C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4AD4D70F-089F-4759-90BE-C483EB296BDE} | C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4AD4D70F-089F-4759-90BE-C483EB296BDE}\stubpath = "C:\\Windows\\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe" | C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{17E85704-1CFF-4da4-A70B-E292A7AA019D}\stubpath = "C:\\Windows\\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe" | C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}\stubpath = "C:\\Windows\\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe" | C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}\stubpath = "C:\\Windows\\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe" | C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ECCF4529-720E-42ab-B126-5963F8F9A5B5} | C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{296D62F2-7388-4349-8E9C-3CB44282905C} | C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | N/A |
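How these registry writes persist, and a check for them on a live host, as an added example that is not part of the sandbox report. Active Setup is evaluated at every interactive logon: for each subkey of HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components (and of the Wow6432Node view this sample wrote to), Windows runs the StubPath command in the user's context if the same subkey is missing under HKCU, then writes the HKCU subkey, so each component runs once per user. Every stage above registers the GUID of the file it has just dropped with a stubpath naming that file, which is the shape the rule below looks for: a GUID-named executable directly in the Windows root, with the key GUID equal to the file GUID. The two subkey paths are the real ones; the two hits in SAMPLE are copied from the table above, the benign entries are constructed with made-up GUIDs, and nothing else comes from the report.

```python
"""Hunt for the Active Setup persistence recorded in this report.

Added example, not part of the sandbox report. flag_entries() is a pure rule that
runs anywhere; collect_active_setup() reads the live keys through the stdlib winreg
module and therefore only works on Windows (run it elevated).
"""
import re
import sys

ACTIVE_SETUP_SUBKEYS = (
    r"SOFTWARE\Microsoft\Active Setup\Installed Components",
    r"SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components",
)
GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
# The shape every stage of this sample writes: a GUID-named executable sitting
# directly in the Windows root, no subdirectory, no arguments.
STUB_PATTERN = re.compile(r'^"?[A-Za-z]:\\Windows\\(' + GUID + r')\.exe"?\s*$',
                          re.IGNORECASE)
KEY_GUID = re.compile(r"(" + GUID + r")\s*$")

def collect_active_setup():
    """Return [(key_path, stubpath_or_None), ...] from both registry views."""
    import winreg  # stdlib, importable only on Windows
    entries = []
    for sub in ACTIVE_SETUP_SUBKEYS:
        try:
            # KEY_WOW64_64KEY: always open the native view, so the explicit
            # Wow6432Node path above is the 32-bit view even from 32-bit Python.
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub, 0,
                                  winreg.KEY_READ | winreg.KEY_WOW64_64KEY)
        except OSError:
            continue
        with root:
            i = 0
            while True:
                try:
                    name = winreg.EnumKey(root, i)
                except OSError:
                    break
                i += 1
                with winreg.OpenKey(root, name) as key:
                    try:  # value names are case-insensitive: "stubpath" matches
                        stub, _ = winreg.QueryValueEx(key, "StubPath")
                    except OSError:
                        stub = None
                entries.append((f"HKLM\\{sub}\\{name}", stub))
    return entries

def flag_entries(entries):
    """Return [(key_path, stubpath, key_guid_equals_file_guid), ...] for hits."""
    hits = []
    for key, stub in entries:
        m = STUB_PATTERN.match(stub or "")
        if not m:
            continue
        k = KEY_GUID.search(key)
        hits.append((key, stub, bool(k) and k.group(1).lower() == m.group(1).lower()))
    return hits

# Constructed sample: two entries copied from the behavioral1 table, plus three
# benign entries (made-up GUIDs) shaped like the stock ones Windows ships, whose
# StubPaths point into System32 or carry arguments, or which have no StubPath.
SAMPLE = [
    (r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{296D62F2-7388-4349-8E9C-3CB44282905C}",
     r"C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe"),
    (r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}",
     r"C:\Windows\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-1111-2222-3333-444444444444}",
     r"C:\Windows\System32\ie4uinit.exe -UserConfig"),
    (r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{55555555-6666-7777-8888-999999999999}",
     r"regsvr32.exe /s /n /i:U shell32.dll"),
    (r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}", None),
]

if __name__ == "__main__":
    entries = collect_active_setup() if sys.platform == "win32" else SAMPLE
    for key, stub, same in flag_entries(entries):
        print(f"{key}\n    StubPath = {stub}   key GUID == file GUID: {same}")
```

On a suspect host run it elevated so both views are readable; anywhere else it evaluates the constructed SAMPLE. A hit is a strong lead, not proof: confirm it by checking whether the StubPath target still exists, whether it is unsigned (the report's "Unsigned PE" signature), and when it was written, and remember that an entry whose file has already been deleted by the next stage (as happens to every stage but the last here) is still evidence of the chain.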
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe | N/A |
| N/A | N/A | C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe | N/A |
| N/A | N/A | C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe | N/A |
| N/A | N/A | C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe | N/A |
| N/A | N/A | C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe | N/A |
| N/A | N/A | C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe | N/A |
| N/A | N/A | C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe | N/A |
| N/A | N/A | C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe | N/A |
| N/A | N/A | C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe | N/A |
| N/A | N/A | C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe | N/A |
| N/A | N/A | C:\Windows\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe | C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe | N/A |
| File created | C:\Windows\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe | C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe | N/A |
| File created | C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe | C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe | N/A |
| File created | C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe | C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe | N/A |
| File created | C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe | C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe | N/A |
| File created | C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe | C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe | N/A |
| File created | C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe | C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe | N/A |
| File created | C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe | C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | N/A |
| File created | C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe | C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe | N/A |
| File created | C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe | C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe | N/A |
| File created | C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe | C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | "C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe" |
| C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe | C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\9D3FFB~1.EXE > nul |
| C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe | C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{296D6~1.EXE > nul |
| C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe | C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{7351A~1.EXE > nul |
| C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe | C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{251E6~1.EXE > nul |
| C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe | C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4AD4D~1.EXE > nul |
| C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe | C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1D796~1.EXE > nul |
| C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe | C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{17E85~1.EXE > nul |
| C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe | C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E3136~1.EXE > nul |
| C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe | C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{14C17~1.EXE > nul |
| C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe | C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{962BE~1.EXE > nul |
| C:\Windows\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe | C:\Windows\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9A5B7~1.EXE > nul |
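The process list for this detonation is flat, so the parent-child order of the stages is only implicit. The added example below (not part of the report) pastes this section's own "File created" rows and cmd.exe lines into a string, orders the stages by following who created whom from the submitted sample, and checks the detail that ties the two lists together: each stage's del names the 8.3 short alias (first six characters, ~1, upper-case extension) of the stage that dropped it. The short-name routine is a simplification that holds for these file names and is labelled as such; run unchanged on the behavioral2 rows it yields the 12-stage chain of that detonation.

```python
"""Rebuild the drop/self-delete chain recorded in the behavioral1 section.

Added example, not part of the sandbox report: REPORT is pasted from this page's
"File created" rows and Processes list; the code orders the stages by who created
whom and checks that each stage deletes the 8.3 short name of its creator.
"""
import re

# Constructed input, copied from the report (11 drop rows, 11 cmd.exe lines).
REPORT = r"""
| File created | C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe | C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe | N/A |
| File created | C:\Windows\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe | C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe | N/A |
| File created | C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe | C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe | N/A |
| File created | C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe | C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe | N/A |
| File created | C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe | C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe | N/A |
| File created | C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe | C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe | N/A |
| File created | C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe | C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe | N/A |
| File created | C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe | C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | N/A |
| File created | C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe | C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe | N/A |
| File created | C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe | C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe | N/A |
| File created | C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe | C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe | N/A |
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\9D3FFB~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{296D6~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{7351A~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{251E6~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{4AD4D~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{1D796~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{17E85~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{E3136~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{14C17~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{962BE~1.EXE > nul
C:\Windows\system32\cmd.exe /c del C:\Windows\{9A5B7~1.EXE > nul
"""

DEL_RE = re.compile(r"/c del (\S+)", re.IGNORECASE)

def parse_report(text):
    """Return ({created_path: creator_path}, [del_target, ...]) in report order."""
    created, deleted = {}, []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] == "File created":
            created[cells[1]] = cells[2]
        else:
            m = DEL_RE.search(line)
            if m:
                deleted.append(m.group(1))
    return created, deleted

def drop_chain(created, root):
    """Follow creator -> created links from the root sample to the last stage."""
    children = {creator: path for path, creator in created.items()}
    chain, cur = [root], root
    while cur in children and children[cur] not in chain:  # stop on a cycle
        cur = children[cur]
        chain.append(cur)
    return chain

def short_name(path):
    """Approximate the Windows 8.3 alias: 6 chars of the base name, '~1', 3 of the
    extension, upper-case. Assumption: enough for names without spaces or extra
    dots; real generation also strips illegal characters and bumps ~N."""
    name = path.rsplit("\\", 1)[-1]
    base, _, ext = name.rpartition(".")
    return f"{base[:6]}~1.{ext[:3]}".upper()

def verify_self_delete(chain, deleted):
    """Pair the i-th del with stage i; True if it names stage i-1's short alias."""
    out = []
    for i, target in enumerate(deleted, start=1):
        if i >= len(chain):
            break
        actual = target.rsplit("\\", 1)[-1].upper()
        out.append((chain[i], target, actual == short_name(chain[i - 1])))
    return out

def analyse(text=REPORT):
    """Return (ordered chain of image paths, per-stage self-delete checks)."""
    created, deleted = parse_report(text)
    root = next(p for p in created.values() if "\\AppData\\Local\\Temp\\" in p)
    chain = drop_chain(created, root)
    return chain, verify_self_delete(chain, deleted)

if __name__ == "__main__":
    chain, checks = analyse()
    for n, path in enumerate(chain):
        print(f"stage {n:2d}: {path}")
    print("every stage deleted its creator:", all(ok for _, _, ok in checks))
```

The chain it prints starts at the submitted sample and ends at {ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe, twelve images in all, and every one of the eleven del commands targets the alias of the image one step earlier, which is the ordering the Processes table shows but does not state.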
Network
Files
C:\Windows\{296D62F2-7388-4349-8E9C-3CB44282905C}.exe
| MD5 | 0a24ab7cbc982ab8b43cd018e00e0e9c |
| SHA1 | ea06f27c7205f7cc27000befc86a22ab31708203 |
| SHA256 | 1cc8d0fdb4fd09e100a287102f87a2c5adbe2f7de446c9dc1cbf025624acdfc8 |
| SHA512 | 1888a242bc245cbc69608e0c939c4ae83e7b75ec0568535e87ad592e02c3b93024ad81a73e34b9ab6faf6bb3dcc5bd9709781608a4e1ed9b1dc4cf7838584456 |
C:\Windows\{7351A6A1-F0B9-43d9-973E-C10E1FB8FF95}.exe
| MD5 | 1f58259bab3ae1ae0108c5540d24b74c |
| SHA1 | 26c5cab5e9816d5610b023cf6943acd4cac2521f |
| SHA256 | b9e1921efe9cb18091fb7b7091f920586bbfdf7ca873007c46b0784b69a1b455 |
| SHA512 | 29d361e588a41af2c5bb42cdb3a47a3d216a4c9bc44083412636374776efb31b2141faebd651ccf964a2aeb75f7b2d7c9b868777bac84ae24a5c0513520b60fa |
C:\Windows\{251E656D-2A9D-4ee9-95C1-E7430166BDCC}.exe
| MD5 | 12422c16cc7f7559c947a41aa5e50f4f |
| SHA1 | 62b84a461067d429ada0b0d8aa746073601bdcaa |
| SHA256 | c731580c5b8c77a37e88d5656823c3f8d11807d16c2069df7ac94420d20eaa0c |
| SHA512 | 3170a03a543b4897d0cc95696147b30f3771a1c62dd777488542a38d217ede81e04c3c952654eff766bce02929cc55d81766eaf2ce77ca07332b05eda06b2d1c |
C:\Windows\{4AD4D70F-089F-4759-90BE-C483EB296BDE}.exe
| MD5 | 52bbd8a27eb392551c7f4bc1f786bb5b |
| SHA1 | e0c1cb6fbd85c74b4e60aa82b7f7e6334861627b |
| SHA256 | 5082edfae17a3226852e1b7ecf91b37676ac12d1adad76d3f75102aac56824a1 |
| SHA512 | 7c7d591da40d9c66d9328dd70f537daa66a91936fc67244b65e38fd41386d9376a97c6efcf5a1640c20492272147ed2228485464f261b6aee63840990fa540f3 |
C:\Windows\{1D7967DA-C048-4b68-8FFA-05F885A504EE}.exe
| MD5 | 0e7e3115af3b10b07681bd05cee5cf90 |
| SHA1 | d266d9c04f15d951ebc625b2826c83b4fbbac32e |
| SHA256 | 8403a9d2ded90223e17957282836d451842311a8fe8886e9f0c271ecd6c778e7 |
| SHA512 | 96a566d7518793a666f4c654f5a59d451eb68085c1b1041c82cb2d99cb8ed6ea70756b2027cce0c5313e0b3b51f9b8306daa4f021e2042a3bc923b0386f5b9f2 |
C:\Windows\{17E85704-1CFF-4da4-A70B-E292A7AA019D}.exe
| MD5 | 3873494f635510ec4be212717d8a2e13 |
| SHA1 | 5251b058dd436a4a08850854cb62a7ab9a78dfcb |
| SHA256 | 8f1a9bcc2bcea6ed95fa539de3c902dad30636bdb188f53601b0989e1f9fd4e4 |
| SHA512 | 1e2a27cae271acbec3668a9ecf92d2f9e22b5e49dcf2f2db3e89f8b58ab8fac01a60ccea6cb67727bb8af9d812636220465a9ad56cf7346ee9e4b29465692b09 |
C:\Windows\{E31361BD-CE47-4da6-958D-C9DDB0FEF032}.exe
| MD5 | d5a296797f1cbc7d3b21d6dcb690fb95 |
| SHA1 | 63937d8bea0e03f57bc51e6aebee9f225e76f971 |
| SHA256 | c57df8bb5c76123e5f53613d3be499137275f7fb0a9ca4df389e572b6293a8ea |
| SHA512 | 987dd902761a02bcc29348490cfe595b1b9ff982c7e8bc17044027026f34732da8c3dde4b09aab273f3036228a029fe0cca22bfdb1ef5035c3ceeaafe9f48d27 |
C:\Windows\{14C173F7-D690-4276-8AB2-F5B7DA92BFCF}.exe
| MD5 | cec701bbda6c683406c03acc3ceacdf0 |
| SHA1 | 41e4325ed4c583db14f9bf99387e116ced1e3fcd |
| SHA256 | c1bdfafec8c124ffd597e2300a1ac87ccb50dc7b420843f09aeb356ea8fa3815 |
| SHA512 | 23046290fd8c70eac5c282b15ca95ddace5eb2b497eee6b559e23dbf8e021a090280b87002bc1a51742c15f4c3fd5ab7b9acf21435be40f23bf2157a333b540e |
C:\Windows\{962BEC83-3606-44ac-8B2B-A9E3AD09EA02}.exe
| MD5 | 426cb80c7afadd16de90bce47883499f |
| SHA1 | 1f8441eb8bedcc2dc87710ea2d55a64eeb845184 |
| SHA256 | 32808ab857c42a46d4bf51b139facb6840b52f420e928282710bf2f721c7505a |
| SHA512 | f84508ff41b9062d1eeba43bdd31352f4f5fe26236c135ff0b0ef79f557f313e21c77587f0d187ef45845f985200fc42b6bc64067b0166215e59bbf8ea9f805d |
C:\Windows\{9A5B7F9C-F1CC-4308-8A72-841D608134DD}.exe
| MD5 | a148be00c5ac3a6f0047aa1fe22d80cd |
| SHA1 | 344688e63c2a049a954318432a62b36f501041d3 |
| SHA256 | 79a49eba91a8a845c99a16ce3595091f4d630a82ff7a4a3b72ee1cff9cc148ea |
| SHA512 | 869c97dc05dbd3b83a37e2dcb40f6fc089f6748229421f1e75e1852e7fa7c9aedfe619230de9bf3fee8196bf9cca78620c9ae4fb3926f6869ecc8bd2d1c26a46 |
C:\Windows\{ECCF4529-720E-42ab-B126-5963F8F9A5B5}.exe
| MD5 | 4d0e35de2806f288d94a83f47592ff18 |
| SHA1 | 01d346a7573e52953873800fa0569a7ab4c0ff82 |
| SHA256 | 77a45c698c5c783068a9310acdbddd272c0d3285f0e717a14f23c058f73b6d36 |
| SHA512 | a42c0387f1b5f490fe88ee5076e341ef9d6683f0ef719d5bd8c657a0b8e08db2b69b51a1c895148c5d22440deb3968f65329ecf3680baab6863339b7780548bf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 23:47
Reported
2024-04-06 23:49
Platform
win10v2004-20231215-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3} | C:\Windows\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}\stubpath = "C:\\Windows\\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe" | C:\Windows\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F} | C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F616B968-A0B2-413c-AE02-9A977F36C27E}\stubpath = "C:\\Windows\\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe" | C:\Windows\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{356015AB-922D-4168-BA8E-CE88BA550C70} | C:\Windows\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F616B968-A0B2-413c-AE02-9A977F36C27E} | C:\Windows\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}\stubpath = "C:\\Windows\\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe" | C:\Windows\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D2D721A9-F279-4e7f-92EB-46B46B7DEBDB}\stubpath = "C:\\Windows\\{D2D721A9-F279-4e7f-92EB-46B46B7DEBDB}.exe" | C:\Windows\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F0A907DB-B593-4275-82B0-1B82BC5317DB} | C:\Windows\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F0A907DB-B593-4275-82B0-1B82BC5317DB}\stubpath = "C:\\Windows\\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe" | C:\Windows\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{356015AB-922D-4168-BA8E-CE88BA550C70}\stubpath = "C:\\Windows\\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe" | C:\Windows\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D} | C:\Windows\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}\stubpath = "C:\\Windows\\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe" | C:\Windows\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34} | C:\Windows\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}\stubpath = "C:\\Windows\\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe" | C:\Windows\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68} | C:\Windows\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}\stubpath = "C:\\Windows\\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe" | C:\Windows\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D2D721A9-F279-4e7f-92EB-46B46B7DEBDB} | C:\Windows\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{98160805-914D-4429-B9C7-E7CE6F6D47A9} | C:\Windows\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{98160805-914D-4429-B9C7-E7CE6F6D47A9}\stubpath = "C:\\Windows\\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe" | C:\Windows\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46} | C:\Windows\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}\stubpath = "C:\\Windows\\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe" | C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5} | C:\Windows\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}\stubpath = "C:\\Windows\\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe" | C:\Windows\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe | N/A |
| N/A | N/A | C:\Windows\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe | N/A |
| N/A | N/A | C:\Windows\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe | N/A |
| N/A | N/A | C:\Windows\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe | N/A |
| N/A | N/A | C:\Windows\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe | N/A |
| N/A | N/A | C:\Windows\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe | N/A |
| N/A | N/A | C:\Windows\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe | N/A |
| N/A | N/A | C:\Windows\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe | N/A |
| N/A | N/A | C:\Windows\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe | N/A |
| N/A | N/A | C:\Windows\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe | N/A |
| N/A | N/A | C:\Windows\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe | N/A |
| N/A | N/A | C:\Windows\{D2D721A9-F279-4e7f-92EB-46B46B7DEBDB}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe | C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | N/A |
| File created | C:\Windows\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe | C:\Windows\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe | N/A |
| File created | C:\Windows\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe | C:\Windows\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe | N/A |
| File created | C:\Windows\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe | C:\Windows\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe | N/A |
| File created | C:\Windows\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe | C:\Windows\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe | N/A |
| File created | C:\Windows\{D2D721A9-F279-4e7f-92EB-46B46B7DEBDB}.exe | C:\Windows\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe | N/A |
| File created | C:\Windows\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe | C:\Windows\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe | N/A |
| File created | C:\Windows\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe | C:\Windows\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe | N/A |
| File created | C:\Windows\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe | C:\Windows\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe | N/A |
| File created | C:\Windows\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe | C:\Windows\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe | N/A |
| File created | C:\Windows\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe | C:\Windows\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe | N/A |
| File created | C:\Windows\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe | C:\Windows\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe | "C:\Users\Admin\AppData\Local\Temp\9d3ffb3396fcb525cc9f30a72c318b4e563603a76f2479f40c15204515272992.exe" |
| C:\Windows\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe | C:\Windows\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\9D3FFB~1.EXE > nul |
| C:\Windows\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe | C:\Windows\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8C60B~1.EXE > nul |
| C:\Windows\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe | C:\Windows\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1A013~1.EXE > nul |
| C:\Windows\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe | C:\Windows\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{757A4~1.EXE > nul |
| C:\Windows\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe | C:\Windows\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F616B~1.EXE > nul |
| C:\Windows\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe | C:\Windows\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A32C7~1.EXE > nul |
| C:\Windows\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe | C:\Windows\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{F0A90~1.EXE > nul |
| C:\Windows\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe | C:\Windows\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{35601~1.EXE > nul |
| C:\Windows\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe | C:\Windows\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{EBC67~1.EXE > nul |
| C:\Windows\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe | C:\Windows\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{98160~1.EXE > nul |
| C:\Windows\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe | C:\Windows\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0B9E8~1.EXE > nul |
| C:\Windows\{D2D721A9-F279-4e7f-92EB-46B46B7DEBDB}.exe | C:\Windows\{D2D721A9-F279-4e7f-92EB-46B46B7DEBDB}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{92D19~1.EXE > nul |
Network
The report attributes none of these flows to a process. Apart from one TCP connection to port 80, they are reverse (PTR) lookups sent to 8.8.8.8, and they should not be read as command-and-control indicators on this evidence alone.
| Country | Destination | Domain | Proto |
| GB | 23.44.234.16:80 | | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.1.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.239.69.13.in-addr.arpa | udp |
Files
C:\Windows\{8C60B2D6-81F0-4cfd-90B1-942FA42C9B9F}.exe
| MD5 | 4bbbab46959d5880a7702fdbe31d9f2c |
| SHA1 | 129a5da5f34041d996f674b0deabc9dfd854db57 |
| SHA256 | c3c398e5ceb8f5135836b2a39ba8cb90059c30bd99fc45d417027432977639ab |
| SHA512 | f8e253f5a3d7f9ec5686a05b75365d910e2874033257de0df1a852ebbc6a2eef3074d7dd7008087ec6ed7dc872220b67c9002de709def236813a6c1786084cdf |
C:\Windows\{1A013FF4-4D48-46c9-B9B0-040BD7A7BB34}.exe
| MD5 | 73a0bda610aec4a74cc88198d9506b63 |
| SHA1 | 6b15af46c41cb5ecba24d040a0c37160a3019f6d |
| SHA256 | de523d555b10052e4b312a66cebf7597c2161c2f48837e6010ad13ac90ffa248 |
| SHA512 | 71ce035ebae24159e90b23490948ce3ec41392a3bcd6c05f7fbe2a8884a1b914cbf6e628782ff713e58c534d4db1989ee2de75fcbeffb7a9972a5cdc379e46d0 |
C:\Windows\{757A4BCD-4680-4812-9C1D-6A3B57AD8DA5}.exe
| MD5 | 742d97993cfaac41fe027562fd4f7a38 |
| SHA1 | e7fbe60c24299583acc22fdf3b789ec61dafabb1 |
| SHA256 | 0f2f023b13e21b8d4ae8fc9f2cde3fa0b7c0d7a07171410c775476898edaa34b |
| SHA512 | b2b1a3fe046ff1206cdf5710874a150fc4cbc89742319c7296ea4446be4b2ac8ff6a2d2719410308366bce8efa0f185e805f79ad269f11741574c5cc30398e36 |
C:\Windows\{F616B968-A0B2-413c-AE02-9A977F36C27E}.exe
| MD5 | 3559fd01643d766124ec4d97ff1d8d23 |
| SHA1 | fccd300d716584fb4161c56fa51f2fa2ffc99715 |
| SHA256 | e96bebe88b38fec477595371481179f1e985d96e58080e285f953958a4f958ba |
| SHA512 | b2154174dee03a8c9b76edf4332a5f4af629c936d70b6148380f3f15bec30c42dae2d1c9d8173982166d5cc10903c6f81022b1d9966c89edb5150b0745b3202a |
C:\Windows\{A32C73EF-45E9-4846-8B3C-D8B9D6319A68}.exe
| MD5 | 6fe9d11a0e070b0c8dc4330b5088aee3 |
| SHA1 | b4e74cdb5f5aba4e56d82ee8ed1dd3d80fc81f80 |
| SHA256 | 03820abe8db6c2b61d31c850d5eea1881b1680e94a3292fe216e96091d6df8bc |
| SHA512 | 0db91ef7afc95d9fff69b0f42bac90b7ceb1451dcf3a6aacc18c4faa65ef072cb667215931cd52b7230c822517493054e450546224bef84d6dd8f3be917aec79 |
C:\Windows\{F0A907DB-B593-4275-82B0-1B82BC5317DB}.exe
| MD5 | 31e084c7f6224b7c8fbfb3ea01cdbcac |
| SHA1 | 4a453fa81fe2288fae184e82ed0db3fd952a1800 |
| SHA256 | 52f88e6dbe615bdf93f98c7332229d27f704d3b2e54afcbcf7fee8361f12d7d6 |
| SHA512 | 261fd05499bd4ad717e23c7db7fd5dc28e80ec9ba95239d62b5193655e22475f5b6b64f5f09a91dc577278a4bd39f8d4506b010c01aeb95bdbbf7e3fa0fa1da4 |
C:\Windows\{356015AB-922D-4168-BA8E-CE88BA550C70}.exe
| MD5 | 73b0cb40e2caedbecca6c24459edc291 |
| SHA1 | 1b572c2992272c687f1a1b798d224dc977f80137 |
| SHA256 | b8b6d78788b70e5483a93d65e1abc9939d313aa0d3cd1f2203ebb545607f50fd |
| SHA512 | 1025b1d272266e77d9d1260e3af469460781d8395855da37755c063ec4266a9e945699a24eec3492175f73b75aa76a057b0e32d7b207e09d3086daf27fac3ef4 |
C:\Windows\{EBC67108-F3C5-44ea-BD05-AD1C4CA22E8D}.exe
| MD5 | e71791efa8f064a7f82feae091111e7d |
| SHA1 | 45f8b15596e93240b5cd2a2800142d0a8effddb7 |
| SHA256 | 549cd4ad997c19426ee43ff266618422f7e15f375a81a2d5975f062fef50e778 |
| SHA512 | e18043d479e2889cd75ad74353d41d48d09aa433b81de6c6254540cba20a40d4ddbdff99ed81f993e3b0e97cae2d964744016b9f779c126a2dc2d750a5ad1192 |
C:\Windows\{98160805-914D-4429-B9C7-E7CE6F6D47A9}.exe
| MD5 | dca5b88a213c2124bddc2df9a24fb20a |
| SHA1 | d044710fcda876244696dcfe799a78cf141a5cb7 |
| SHA256 | fd42986c0b25f1638df263e03ae76db48a37b1519f2cb46fb111bee45ba32973 |
| SHA512 | 59ad0d3670b949f565409f38fbfb3c14d0b6dfa446e8b89069a759e93ba182bdc22416b54f251602c59c75ffec2a0a3d7e98fe8fa192c469f3af36d79d807df5 |
C:\Windows\{0B9E80A4-BD7C-4846-A0C1-095531EF52D3}.exe
| MD5 | 12e90355047c0064095ff430a5924a8f |
| SHA1 | 3953c93e1a2e9cfc5edd188ebc6e8e0ae2bbb567 |
| SHA256 | f032e184335bc1471138d3d337ee42f5f4e73d4af6464ce99efb82892e9a972b |
| SHA512 | 47225d2f8b27b164286a074395f332001e3b43822bad47717ed6cd7f2138c3fcb9373739f42e99e72330d4dc97ccbbd808cee0ad593dab8b855cb5dd18590558 |
C:\Windows\{92D1951D-F876-4adb-AC3E-FCA03ED5CE46}.exe
| MD5 | a43d236fc225bcd64a060a0955f0a067 |
| SHA1 | b2c1724e44c1217d85eeda65b997812c7e2cd68f |
| SHA256 | f79f189ec73cd9a478a7b53d35ccd0934d021e74c19082feea11497da544d701 |
| SHA512 | 7b7d7200f872304b81219115861a2bd19599e40adfdccfd837a1ba20c6354f5d363beed8aef1b90c76f4fc4da7eda93d798b81b9dcf3a3e720206716d0757038 |
C:\Windows\{D2D721A9-F279-4e7f-92EB-46B46B7DEBDB}.exe
| MD5 | 0da87e8626d50f3b00c2190f50e7f702 |
| SHA1 | 50412176c435195cea329c50fad9fa853d53766f |
| SHA256 | 889e4857ea455d58787c5eaa4610b7c87113495d6735651086aec578c880c694 |
| SHA512 | faa9411e7e3a7f5456a2d56d341a2db7299d8f6d70fef4d24538b3bbf20aad9d0b92d3523b28ef5cf3a8a1a6aab15797ad4d0b95a68e4e8372c8344e5b6221ed |