Analysis Overview
SHA256
328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983
Threat Level: Known bad
The file 328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983 was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 20:03
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 20:03
Reported
2024-06-01 20:06
Platform
win7-20240221-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE} | C:\Windows\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9C50E527-07FD-4c76-A471-A588FD4E4552} | C:\Windows\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8652973A-9E9A-4337-B900-8AF2A0582249} | C:\Windows\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{827E2511-E15D-43f9-BFD9-CD1888AAA72A} | C:\Windows\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{91481A97-0C26-4903-AA71-1C8A7C7A1552} | C:\Windows\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}\stubpath = "C:\\Windows\\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe" | C:\Windows\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{583F0504-4668-4df7-862A-A3B7E32BB90E}\stubpath = "C:\\Windows\\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe" | C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7} | C:\Windows\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}\stubpath = "C:\\Windows\\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe" | C:\Windows\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}\stubpath = "C:\\Windows\\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe" | C:\Windows\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E} | C:\Windows\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9C50E527-07FD-4c76-A471-A588FD4E4552}\stubpath = "C:\\Windows\\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe" | C:\Windows\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8652973A-9E9A-4337-B900-8AF2A0582249}\stubpath = "C:\\Windows\\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe" | C:\Windows\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FB5F4AD3-8F67-48b4-AFAA-263EDE19EAF0}\stubpath = "C:\\Windows\\{FB5F4AD3-8F67-48b4-AFAA-263EDE19EAF0}.exe" | C:\Windows\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{583F0504-4668-4df7-862A-A3B7E32BB90E} | C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}\stubpath = "C:\\Windows\\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe" | C:\Windows\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}\stubpath = "C:\\Windows\\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe" | C:\Windows\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{57352ABD-CF91-4347-9A4D-2DBA277A61B9} | C:\Windows\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}\stubpath = "C:\\Windows\\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe" | C:\Windows\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{91481A97-0C26-4903-AA71-1C8A7C7A1552}\stubpath = "C:\\Windows\\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe" | C:\Windows\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FB5F4AD3-8F67-48b4-AFAA-263EDE19EAF0} | C:\Windows\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB} | C:\Windows\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe | N/A |
| N/A | N/A | C:\Windows\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe | N/A |
| N/A | N/A | C:\Windows\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe | N/A |
| N/A | N/A | C:\Windows\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe | N/A |
| N/A | N/A | C:\Windows\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe | N/A |
| N/A | N/A | C:\Windows\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe | N/A |
| N/A | N/A | C:\Windows\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe | N/A |
| N/A | N/A | C:\Windows\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe | N/A |
| N/A | N/A | C:\Windows\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe | N/A |
| N/A | N/A | C:\Windows\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe | N/A |
| N/A | N/A | C:\Windows\{FB5F4AD3-8F67-48b4-AFAA-263EDE19EAF0}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe | C:\Windows\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe | N/A |
| File created | C:\Windows\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe | C:\Windows\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe | N/A |
| File created | C:\Windows\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe | C:\Windows\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe | N/A |
| File created | C:\Windows\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe | C:\Windows\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe | N/A |
| File created | C:\Windows\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe | C:\Windows\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe | N/A |
| File created | C:\Windows\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe | C:\Windows\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe | N/A |
| File created | C:\Windows\{FB5F4AD3-8F67-48b4-AFAA-263EDE19EAF0}.exe | C:\Windows\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe | N/A |
| File created | C:\Windows\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe | C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe | N/A |
| File created | C:\Windows\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe | C:\Windows\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe | N/A |
| File created | C:\Windows\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe | C:\Windows\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe | N/A |
| File created | C:\Windows\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe | C:\Windows\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe
"C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe"
C:\Windows\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe
C:\Windows\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\328FB4~1.EXE > nul
C:\Windows\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe
C:\Windows\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{583F0~1.EXE > nul
C:\Windows\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe
C:\Windows\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{570AB~1.EXE > nul
C:\Windows\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe
C:\Windows\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B59C3~1.EXE > nul
C:\Windows\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe
C:\Windows\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{827E2~1.EXE > nul
C:\Windows\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe
C:\Windows\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{57352~1.EXE > nul
C:\Windows\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe
C:\Windows\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BD6E6~1.EXE > nul
C:\Windows\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe
C:\Windows\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{91481~1.EXE > nul
C:\Windows\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe
C:\Windows\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6FF59~1.EXE > nul
C:\Windows\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe
C:\Windows\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9C50E~1.EXE > nul
C:\Windows\{FB5F4AD3-8F67-48b4-AFAA-263EDE19EAF0}.exe
C:\Windows\{FB5F4AD3-8F67-48b4-AFAA-263EDE19EAF0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{86529~1.EXE > nul
Network
Files
C:\Windows\{583F0504-4668-4df7-862A-A3B7E32BB90E}.exe
| MD5 | 8ef79a307c0514f7934efa6ff26356fc |
| SHA1 | e7f1f3384aa542cd1b8a3c962c187f516e26009d |
| SHA256 | 07734619d188010d73517565655e9aff5a8e5cfb11d337ef2dfd046377ea4d25 |
| SHA512 | f90d1d94642c8d6ba17ded1c57a55c5aa24081b107acfe0f6f96d44e1877a7b6a4bd128ee9af28c228e194af75012f82031ac823bf56f24ed104327e94b36a03 |
C:\Windows\{570AB2B4-CAA4-4e83-99DF-98C483A62FF7}.exe
| MD5 | 3afcf82d1b8edb5c9090abb7753e444b |
| SHA1 | d9980e74c151c3af9edf1dd67f064aada2d160ce |
| SHA256 | 7a8298e77d312fd5983d6fdc285b14ce2c2840e3a9c790fc01427c7dc9797d51 |
| SHA512 | 232f7823907950d8a26a772977b0c3cd6dc2ecae58b817b2d73291b957758d6d089587ec1be20fef5de5fd86900a5901f709daa5467e6e288b22d060591e3847 |
C:\Windows\{B59C3DF5-88AB-4833-8DEC-CD8BA169A7AB}.exe
| MD5 | 4f49d3221b169d0f443a764c561282cb |
| SHA1 | 3d07752cb308995a80cb876766ed74711d9b7ddb |
| SHA256 | af591d9150a425cba862abc06f4ec24f6903a71cd324861d2532f3e8d31f3387 |
| SHA512 | b45d528f4439eaef642a4a2c8918217d2586b51bc8357ca4bee6d811dd35d9d8f0193a366b798a77ff22176038596faf2c850d44acf0c8d187a8b40174b73f8f |
C:\Windows\{827E2511-E15D-43f9-BFD9-CD1888AAA72A}.exe
| MD5 | 31b404dd80336db87af8e143e4861a89 |
| SHA1 | 33ad0b796161075cee4a8eddec7c1552c20a7a5d |
| SHA256 | c0255909237a8666a8001f37ae7d1384ebe4b949c2cf443defa93367f9fbf12d |
| SHA512 | 8ff7027db772dad7751fed0f4089d862c6264d07f0933282966e9902f75230e719f2394252d9d114c9c69ce49fe500846c2ae88723eda59aedbae9537c6e63e9 |
C:\Windows\{57352ABD-CF91-4347-9A4D-2DBA277A61B9}.exe
| MD5 | 977e5dd93f71f11f74d5d4ea816cf6f9 |
| SHA1 | e986745c4d9f188892cc95dd9d8e98f2217bd359 |
| SHA256 | 67f2a72a657e7f6073449a559de46f24ce925cb2ef436d5d3c01b2bc70ffb12a |
| SHA512 | 399a53a3b0ded53b43e526bc9c56f8f583f1e9f955313c828e28a445eb998bf482ad2b687b28f6524afc0707636621f4d332fda85e14f6cc0bd2b3966634e199 |
C:\Windows\{BD6E6FBB-7DAF-428d-9DC6-E2DD898ECBDE}.exe
| MD5 | 72c09f7f23d748277502275714aeafa1 |
| SHA1 | 81803bbe706c107a69404fad679ea370338808f3 |
| SHA256 | 00ad61d000ac006e238111f34d0613dda329514a69f61b3cb07614ab3c5cb8c2 |
| SHA512 | 819c6a18538e5e25856917f45674926a1de94d53ed1ec1e313860e9f277c765a5e606dfc61728a38fd37ed1fbc99c14c7ca4d05e6e449c92ca93367a7f7f2584 |
C:\Windows\{91481A97-0C26-4903-AA71-1C8A7C7A1552}.exe
| MD5 | 988418e4add61b65a248160e1a56a428 |
| SHA1 | 495dd4940359038d5b3e53aa74534163aad270ba |
| SHA256 | 5add6355bfcc0bb0c879bb88356b929794ddf97bce632377da690c8f657b4377 |
| SHA512 | 926b59c7868108caa467fb6b9042e0850bff243a7eb4fa64dce2b7bec81da05c67c05815173ebaba417e4e3567096b7059ec26acac2facdc0acaeef8322bdee9 |
C:\Windows\{6FF595D9-519A-45ef-A7B9-CAF818A6B04E}.exe
| MD5 | 7e66924e521182f1eb8ae885ddae7938 |
| SHA1 | eef92e542ae9175da4961f84f8ac9ac72daaf70d |
| SHA256 | 9ea41dbb280294aefd2b2ed4993534316fe54e44f7915695b7c3b7c26aec59d6 |
| SHA512 | 93aceaf953211ee8343197257b5913e9dc5f5813ae6f2c43812752f598996a0d7e056e4b5bd97fa15b8ad5601322c81c56f7701d9a8c5c0e63effd237f55b4e8 |
C:\Windows\{9C50E527-07FD-4c76-A471-A588FD4E4552}.exe
| MD5 | 51211d298ef322603045acbe6e77f5ac |
| SHA1 | 44e76636581a54fe0a26c2884c29f01a2c2a05ee |
| SHA256 | 04d001b7a94318308d066e0852008e5fcf28cb8682f99da7262032065a60c6de |
| SHA512 | 7de8ffec4d2bd4f798d4f55424bd1675ee45b9ec4f7e0b85978f89d89d090558749fe37b99f9e5c3b161927ebff1f729ee91591abbea91490e4bb2359ed77b61 |
C:\Windows\{8652973A-9E9A-4337-B900-8AF2A0582249}.exe
| MD5 | 6943f16399b2a8d5e125e001809383d7 |
| SHA1 | 13f2efd26bee2a7f51eae69d3dbc88863f8f2ca4 |
| SHA256 | 657bd5f41c575ba61ab12d6b0c40fb50199feece7d9755caa994dcc35ecac670 |
| SHA512 | e68f4fd31458f53ea26e3ab33cc1c99a2763d620416adf396e5ce1b07fbc436674f539ce71254132aca940d19ab3611afe60635e79c3473090f644b25bdd3cac |
C:\Windows\{FB5F4AD3-8F67-48b4-AFAA-263EDE19EAF0}.exe
| MD5 | abe565f508e135d0e5c6379e4a4fd601 |
| SHA1 | 9eda7b23016c4f44986c4eaa3fe4babdac400238 |
| SHA256 | 723ced98d1c460592ff954c38636466cc855cabad779689b890b3d986b9bccd9 |
| SHA512 | cd0e1c55d646f93755eb45c00f9fe602dfefe0fd9b893636db72ef5560157b1be23a0450e6af8d363445450f7a4ee9a8400fc30340a5c4fd8b67890f03bb0e29 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 20:03
Reported
2024-06-01 20:06
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}\stubpath = "C:\\Windows\\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe" | C:\Windows\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6724A17D-E6C6-4b8b-A079-06088FCEAC38} | C:\Windows\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}\stubpath = "C:\\Windows\\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe" | C:\Windows\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}\stubpath = "C:\\Windows\\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe" | C:\Windows\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{377AA324-DAC6-456d-BFD7-9E025BB67430}\stubpath = "C:\\Windows\\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe" | C:\Windows\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4} | C:\Windows\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}\stubpath = "C:\\Windows\\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe" | C:\Windows\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}\stubpath = "C:\\Windows\\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe" | C:\Windows\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E8F43B6-E5AF-454c-B91E-993D578C4D30}\stubpath = "C:\\Windows\\{2E8F43B6-E5AF-454c-B91E-993D578C4D30}.exe" | C:\Windows\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}\stubpath = "C:\\Windows\\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe" | C:\Windows\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}\stubpath = "C:\\Windows\\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe" | C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785} | C:\Windows\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C880EA27-C463-46bf-8BE4-0D584F116BC4} | C:\Windows\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2E8F43B6-E5AF-454c-B91E-993D578C4D30} | C:\Windows\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8} | C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C880EA27-C463-46bf-8BE4-0D584F116BC4}\stubpath = "C:\\Windows\\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe" | C:\Windows\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8E6EA05B-4D0E-417a-834D-C612AD3147F6} | C:\Windows\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A89A0A96-B505-4753-8214-302EDFFD0D1A} | C:\Windows\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A89A0A96-B505-4753-8214-302EDFFD0D1A}\stubpath = "C:\\Windows\\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe" | C:\Windows\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F3CD81BE-666F-4ad8-BBB0-5D314E634756} | C:\Windows\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{377AA324-DAC6-456d-BFD7-9E025BB67430} | C:\Windows\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{475B84CB-6E53-4d93-99BF-B804DBDF097C} | C:\Windows\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2BF07D9D-2D7D-42d4-BC63-49842053B16C} | C:\Windows\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{475B84CB-6E53-4d93-99BF-B804DBDF097C}\stubpath = "C:\\Windows\\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe" | C:\Windows\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe | N/A |
| N/A | N/A | C:\Windows\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe | N/A |
| N/A | N/A | C:\Windows\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe | N/A |
| N/A | N/A | C:\Windows\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe | N/A |
| N/A | N/A | C:\Windows\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe | N/A |
| N/A | N/A | C:\Windows\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe | N/A |
| N/A | N/A | C:\Windows\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe | N/A |
| N/A | N/A | C:\Windows\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe | N/A |
| N/A | N/A | C:\Windows\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe | N/A |
| N/A | N/A | C:\Windows\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe | N/A |
| N/A | N/A | C:\Windows\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe | N/A |
| N/A | N/A | C:\Windows\{2E8F43B6-E5AF-454c-B91E-993D578C4D30}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe | C:\Windows\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe | N/A |
| File created | C:\Windows\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe | C:\Windows\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe | N/A |
| File created | C:\Windows\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe | C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe | N/A |
| File created | C:\Windows\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe | C:\Windows\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe | N/A |
| File created | C:\Windows\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe | C:\Windows\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe | N/A |
| File created | C:\Windows\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe | C:\Windows\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe | N/A |
| File created | C:\Windows\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe | C:\Windows\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe | N/A |
| File created | C:\Windows\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe | C:\Windows\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe | N/A |
| File created | C:\Windows\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe | C:\Windows\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe | N/A |
| File created | C:\Windows\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe | C:\Windows\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe | N/A |
| File created | C:\Windows\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe | C:\Windows\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe | N/A |
| File created | C:\Windows\{2E8F43B6-E5AF-454c-B91E-993D578C4D30}.exe | C:\Windows\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe
"C:\Users\Admin\AppData\Local\Temp\328fb41538fe7ce487e03ac503d4da4ab047dfa65c72d4dcea6f39223be79983.exe"
C:\Windows\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe
C:\Windows\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\328FB4~1.EXE > nul
C:\Windows\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe
C:\Windows\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{51CA5~1.EXE > nul
C:\Windows\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe
C:\Windows\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2BF07~1.EXE > nul
C:\Windows\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe
C:\Windows\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C73C5~1.EXE > nul
C:\Windows\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe
C:\Windows\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C880E~1.EXE > nul
C:\Windows\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe
C:\Windows\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8E6EA~1.EXE > nul
C:\Windows\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe
C:\Windows\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A89A0~1.EXE > nul
C:\Windows\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe
C:\Windows\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F3CD8~1.EXE > nul
C:\Windows\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe
C:\Windows\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{377AA~1.EXE > nul
C:\Windows\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe
C:\Windows\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{475B8~1.EXE > nul
C:\Windows\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe
C:\Windows\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0D8BC~1.EXE > nul
C:\Windows\{2E8F43B6-E5AF-454c-B91E-993D578C4D30}.exe
C:\Windows\{2E8F43B6-E5AF-454c-B91E-993D578C4D30}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6724A~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.46.104.in-addr.arpa | udp |
Files
C:\Windows\{51CA59E9-6FF5-4dc8-9117-73B49F4FD5E8}.exe
| MD5 | 6d2700d43ab214f5bb945b1109c599d9 |
| SHA1 | 1263dffd884fa619450524b3058c1eeb0cb5e178 |
| SHA256 | 58f5647342fb23e52de8e8f4dabb9e02a834b2c6276f62bb5079060675615366 |
| SHA512 | 1cc8df890b36dbd108b1ca3ea65411b5d1eafbcff4d18632979aa3b5b28469e757e3b26becece3b10056936e4aa9c21ef91a5d4b8fd3fae4547636a6fe6ef7ff |
C:\Windows\{2BF07D9D-2D7D-42d4-BC63-49842053B16C}.exe
| MD5 | fb9fa6901e08ed29ca0e4ec54a27b66a |
| SHA1 | 99ac0efef58918cd8cf5225e7338671444a1dc76 |
| SHA256 | 98b2209488d63e2efafa0bfa4069fd6b36fa32382c3ecd7530d9ce9740a1c212 |
| SHA512 | 0d664bc91ec44172b4223a10be7666bcdc155230920cd6acf97b771d8c2a14c4dcb2c833d221d0734a90897276ffaddf26657c3330ceb1e8028c5706fe2cb68d |
C:\Windows\{C73C5DFC-803B-40aa-9E4E-953DF0EAC785}.exe
| MD5 | a281229ec9b9ebb9ef4a4e33b820b90c |
| SHA1 | 920dbf3bcbe109e43cec76fe8ebec74a8c1b9ae7 |
| SHA256 | 55dca7929eac6405eabc62adde148538b575849772d269db273fa253bf931e45 |
| SHA512 | 4039c1d72508f6bddf103613669ef4f92c5e4ce578ddddab71c1a3b1af28d3100bae9892c0d271f37700156477b3804ef9a3328487f13bc5b6d861da34a8694b |
C:\Windows\{C880EA27-C463-46bf-8BE4-0D584F116BC4}.exe
| MD5 | d6fecf1449760d73a4a3ab18b2b8c220 |
| SHA1 | 1d0e8f33234b401390f00cef3193921493144808 |
| SHA256 | c42ab485d30e8a13b81ec73f9fc3e775baeed5e08cb2538f67a1d0b0147893dc |
| SHA512 | b86b980fda3d40a44d688979a91fbc5a55d3010fed1f48dd342a38a3619bd51b4a9f0a7556b9232e59e858c3299d0ba66552044082f97172274b2dbb1fc366c5 |
C:\Windows\{8E6EA05B-4D0E-417a-834D-C612AD3147F6}.exe
| MD5 | 21f0859469d4b20a5fae45dd36d97681 |
| SHA1 | 54a22929f240db0a65a28576c1211b1637d2cf56 |
| SHA256 | cfb8e2a8fbd7ad3e75498d7784a123871987f6b989b1d319bbb5610d3c8f1016 |
| SHA512 | 113f8419f540966943c269be871e5764a914d188b5eb6fd0cfdbdcb9c316a42bee7569909f9efe50662643356c2c9bedb070b9d71e52434318c39e141e954b81 |
C:\Windows\{A89A0A96-B505-4753-8214-302EDFFD0D1A}.exe
| MD5 | 2310ec4b0e5a155db4071feda377c54b |
| SHA1 | fac5f67df40339ec44915781c45aac5b81932320 |
| SHA256 | 8a984ebccea2244e1c204830e5f1bbce70d76adca0a3ee3501452d230020e6c9 |
| SHA512 | 9da637136be898192af27c5f8473dafc19aed9a89a324890b20f9174d85ca185f88a763e8bba2401ad1ed974e56f8b0e88f32920482bf2a2db8d36290b42ab56 |
C:\Windows\{F3CD81BE-666F-4ad8-BBB0-5D314E634756}.exe
| MD5 | 31b424f2aeb7f298585b569401b805e0 |
| SHA1 | ad7e98bcc10175b6ee1a5fd37a24d66e12158397 |
| SHA256 | 4dc964f34d897e3b9223ba062f4c6d1999a7e3414f682fc3e0830a39887b1ead |
| SHA512 | 018587a261d58e0aa91adbd30cca17309a7b51486fe08f0076f1fde0580f9d3852ee6c55568b1b3f19585594217df38b872992263c3fd81ce2c06755759a5f7d |
C:\Windows\{377AA324-DAC6-456d-BFD7-9E025BB67430}.exe
| MD5 | e6009c9425a572bc42480d766f45c186 |
| SHA1 | 643845a4e37b0cd54f99a86e84c7d614f34dba40 |
| SHA256 | 2562b680ec15ed8610d0bfca107a1ee9b2574c4a44b3a3d9b8462b7886a2bbab |
| SHA512 | 0877e89127977d3336df22529123f0e418cda75d085656742a2a3b6506b3daccd2ce0aa564066abe24ccdad3ed0787ef2d693bee944f7b66d60fc8c86f873957 |
C:\Windows\{475B84CB-6E53-4d93-99BF-B804DBDF097C}.exe
| MD5 | b2dc160dc4ac176fab18183229680489 |
| SHA1 | 8ec186440e344fa0f3b4aa8a25d68ecbd4c4710f |
| SHA256 | b296bfebee036455937a488aec27b2e667d0f06a2417fca4f9f750b195374cb4 |
| SHA512 | be38723f1cde4a2c0060c64a6bd5cd9a2f0e18e0b54fb3f07a4eb1d03827208c38badd8630bbaabbf4b804cb79814bb1aefebffa76bf98f94bb7efae1217122b |
C:\Windows\{0D8BCD23-6AC9-461a-9FBA-8C6B2BC184E4}.exe
| MD5 | dd5f7f1ecf35984973d3759799e7e1be |
| SHA1 | 80cb8c95b0c2adb0223320c4dfdd5f79c9f16d67 |
| SHA256 | ec55af99e27e91f6367a47e1a99ded0926acd3cc8c29199b08703dba435f4d10 |
| SHA512 | 16f2af022d1407a66ad090bebb08de6497df2c8e372117c2bd2d6a84623a23fbf9b9c9840ba950cc2efae689f8df8c863a4ba8a600ae28fe5d4d9a9931c1ddb8 |
C:\Windows\{6724A17D-E6C6-4b8b-A079-06088FCEAC38}.exe
| MD5 | 18ea16050465512f9aae2af01e27c481 |
| SHA1 | ded90b771c7eca7c77e989c1954713abb8c0a69b |
| SHA256 | 22079bde503d3a6ead1cb044a84c9d751892f82f999d4952d48aa363c8fce2ba |
| SHA512 | 86ef288b784d69528278b82c608d50fb7b6c1fd66c5b988c2eb19c9c483044f0d4bcd2a057218230433b9ff3600877abccacd82f7914017d246191257f278dc6 |
C:\Windows\{2E8F43B6-E5AF-454c-B91E-993D578C4D30}.exe
| MD5 | 9ab018879f61459b2ade7a4049f3b746 |
| SHA1 | 68355f5b386fb8dffef310e048ca2ef8b3e7ba58 |
| SHA256 | bec32f36f2b1662aa6f56c646d4e5bb236e756295afb4c5d8b909a5f670c7de3 |
| SHA512 | 4377c6d8ffec6fbd07c9d5fe9e6da4bcfff0c7f17b577efffd79d165a851421859c0909402f588cbb3d87250ceacfc09676f14aed3e129e2dffd399e38a7da64 |