Analysis Overview
SHA256
b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e
Threat Level: Known bad
The file b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 03:05
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 03:05
Reported
2024-06-14 03:07
Platform
win7-20240508-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}\stubpath = "C:\\Windows\\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}.exe" | C:\Windows\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539} | C:\Windows\{2A6FF509-51A9-4804-831E-6799D3C21FB3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}\stubpath = "C:\\Windows\\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}.exe" | C:\Windows\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{069B1446-4C8C-4363-88F4-5A31B59F01ED}\stubpath = "C:\\Windows\\{069B1446-4C8C-4363-88F4-5A31B59F01ED}.exe" | C:\Windows\{AD10995C-36BE-4b86-BAB6-A34F3056218E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}\stubpath = "C:\\Windows\\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}.exe" | C:\Windows\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568} | C:\Windows\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}\stubpath = "C:\\Windows\\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}.exe" | C:\Windows\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{259A5A8C-18F7-4a82-A003-BE60C889E5A7} | C:\Windows\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}\stubpath = "C:\\Windows\\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}.exe" | C:\Windows\{2A6FF509-51A9-4804-831E-6799D3C21FB3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A662B479-1715-48a5-B4F6-7DD48E27E719} | C:\Windows\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AD10995C-36BE-4b86-BAB6-A34F3056218E} | C:\Windows\{A662B479-1715-48a5-B4F6-7DD48E27E719}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{069B1446-4C8C-4363-88F4-5A31B59F01ED} | C:\Windows\{AD10995C-36BE-4b86-BAB6-A34F3056218E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5} | C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}\stubpath = "C:\\Windows\\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}.exe" | C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}\stubpath = "C:\\Windows\\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}.exe" | C:\Windows\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A} | C:\Windows\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A662B479-1715-48a5-B4F6-7DD48E27E719}\stubpath = "C:\\Windows\\{A662B479-1715-48a5-B4F6-7DD48E27E719}.exe" | C:\Windows\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52} | C:\Windows\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0} | C:\Windows\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{AD10995C-36BE-4b86-BAB6-A34F3056218E}\stubpath = "C:\\Windows\\{AD10995C-36BE-4b86-BAB6-A34F3056218E}.exe" | C:\Windows\{A662B479-1715-48a5-B4F6-7DD48E27E719}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A6FF509-51A9-4804-831E-6799D3C21FB3} | C:\Windows\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A6FF509-51A9-4804-831E-6799D3C21FB3}\stubpath = "C:\\Windows\\{2A6FF509-51A9-4804-831E-6799D3C21FB3}.exe" | C:\Windows\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}.exe | N/A |
| N/A | N/A | C:\Windows\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}.exe | N/A |
| N/A | N/A | C:\Windows\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}.exe | N/A |
| N/A | N/A | C:\Windows\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}.exe | N/A |
| N/A | N/A | C:\Windows\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}.exe | N/A |
| N/A | N/A | C:\Windows\{2A6FF509-51A9-4804-831E-6799D3C21FB3}.exe | N/A |
| N/A | N/A | C:\Windows\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}.exe | N/A |
| N/A | N/A | C:\Windows\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}.exe | N/A |
| N/A | N/A | C:\Windows\{A662B479-1715-48a5-B4F6-7DD48E27E719}.exe | N/A |
| N/A | N/A | C:\Windows\{AD10995C-36BE-4b86-BAB6-A34F3056218E}.exe | N/A |
| N/A | N/A | C:\Windows\{069B1446-4C8C-4363-88F4-5A31B59F01ED}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}.exe | C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe | N/A |
| File created | C:\Windows\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}.exe | C:\Windows\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}.exe | N/A |
| File created | C:\Windows\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}.exe | C:\Windows\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}.exe | N/A |
| File created | C:\Windows\{A662B479-1715-48a5-B4F6-7DD48E27E719}.exe | C:\Windows\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}.exe | N/A |
| File created | C:\Windows\{AD10995C-36BE-4b86-BAB6-A34F3056218E}.exe | C:\Windows\{A662B479-1715-48a5-B4F6-7DD48E27E719}.exe | N/A |
| File created | C:\Windows\{069B1446-4C8C-4363-88F4-5A31B59F01ED}.exe | C:\Windows\{AD10995C-36BE-4b86-BAB6-A34F3056218E}.exe | N/A |
| File created | C:\Windows\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}.exe | C:\Windows\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}.exe | N/A |
| File created | C:\Windows\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}.exe | C:\Windows\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}.exe | N/A |
| File created | C:\Windows\{2A6FF509-51A9-4804-831E-6799D3C21FB3}.exe | C:\Windows\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}.exe | N/A |
| File created | C:\Windows\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}.exe | C:\Windows\{2A6FF509-51A9-4804-831E-6799D3C21FB3}.exe | N/A |
| File created | C:\Windows\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}.exe | C:\Windows\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe
"C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe"
C:\Windows\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}.exe
C:\Windows\{25A5C5DE-8C22-492a-ABC4-26CA0B452AF5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\B5FB24~1.EXE > nul
C:\Windows\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}.exe
C:\Windows\{76E42CF1-EB2D-4daf-A24D-8F22DA7E0D52}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{25A5C~1.EXE > nul
C:\Windows\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}.exe
C:\Windows\{17D68E79-B8F8-42e2-B8D4-BDE715982BC0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{76E42~1.EXE > nul
C:\Windows\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}.exe
C:\Windows\{E6592C5D-E8A8-4514-ACDE-1A1BD9617568}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{17D68~1.EXE > nul
C:\Windows\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}.exe
C:\Windows\{259A5A8C-18F7-4a82-A003-BE60C889E5A7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E6592~1.EXE > nul
C:\Windows\{2A6FF509-51A9-4804-831E-6799D3C21FB3}.exe
C:\Windows\{2A6FF509-51A9-4804-831E-6799D3C21FB3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{259A5~1.EXE > nul
C:\Windows\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}.exe
C:\Windows\{D9F81885-FCC1-4dd8-8BA4-CADAFF680539}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2A6FF~1.EXE > nul
C:\Windows\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}.exe
C:\Windows\{DFCE99C5-DBE1-4662-991A-0EC9BDBCFE7A}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D9F81~1.EXE > nul
C:\Windows\{A662B479-1715-48a5-B4F6-7DD48E27E719}.exe
C:\Windows\{A662B479-1715-48a5-B4F6-7DD48E27E719}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DFCE9~1.EXE > nul
C:\Windows\{AD10995C-36BE-4b86-BAB6-A34F3056218E}.exe
C:\Windows\{AD10995C-36BE-4b86-BAB6-A34F3056218E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A662B~1.EXE > nul
C:\Windows\{069B1446-4C8C-4363-88F4-5A31B59F01ED}.exe
C:\Windows\{069B1446-4C8C-4363-88F4-5A31B59F01ED}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{AD109~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 03:05
Reported
2024-06-14 03:07
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}\stubpath = "C:\\Windows\\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}.exe" | C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5} | C:\Windows\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}\stubpath = "C:\\Windows\\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}.exe" | C:\Windows\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{965E84A8-3254-450b-ABE2-8312961EE028}\stubpath = "C:\\Windows\\{965E84A8-3254-450b-ABE2-8312961EE028}.exe" | C:\Windows\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}\stubpath = "C:\\Windows\\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}.exe" | C:\Windows\{965E84A8-3254-450b-ABE2-8312961EE028}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B39BB886-2636-4c63-896E-B0D177C341C2}\stubpath = "C:\\Windows\\{B39BB886-2636-4c63-896E-B0D177C341C2}.exe" | C:\Windows\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{91D6BD3F-5E4A-49eb-8207-145A57D33510} | C:\Windows\{B39BB886-2636-4c63-896E-B0D177C341C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6} | C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9987E3F4-E151-4239-B220-F60801F43B42} | C:\Windows\{145CA368-F170-40b7-951C-A9B2C7AF1545}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{145CA368-F170-40b7-951C-A9B2C7AF1545} | C:\Windows\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B39BB886-2636-4c63-896E-B0D177C341C2} | C:\Windows\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{91D6BD3F-5E4A-49eb-8207-145A57D33510}\stubpath = "C:\\Windows\\{91D6BD3F-5E4A-49eb-8207-145A57D33510}.exe" | C:\Windows\{B39BB886-2636-4c63-896E-B0D177C341C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1} | C:\Windows\{91D6BD3F-5E4A-49eb-8207-145A57D33510}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{145CA368-F170-40b7-951C-A9B2C7AF1545}\stubpath = "C:\\Windows\\{145CA368-F170-40b7-951C-A9B2C7AF1545}.exe" | C:\Windows\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9987E3F4-E151-4239-B220-F60801F43B42}\stubpath = "C:\\Windows\\{9987E3F4-E151-4239-B220-F60801F43B42}.exe" | C:\Windows\{145CA368-F170-40b7-951C-A9B2C7AF1545}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{965E84A8-3254-450b-ABE2-8312961EE028} | C:\Windows\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}\stubpath = "C:\\Windows\\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}.exe" | C:\Windows\{91D6BD3F-5E4A-49eb-8207-145A57D33510}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8} | C:\Windows\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DACBA9C0-8638-4719-9553-D67F73A8EDBC} | C:\Windows\{965E84A8-3254-450b-ABE2-8312961EE028}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF} | C:\Windows\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}\stubpath = "C:\\Windows\\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}.exe" | C:\Windows\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{41A14308-816A-4f1a-A517-17AA1F4C6AF2} | C:\Windows\{9987E3F4-E151-4239-B220-F60801F43B42}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{41A14308-816A-4f1a-A517-17AA1F4C6AF2}\stubpath = "C:\\Windows\\{41A14308-816A-4f1a-A517-17AA1F4C6AF2}.exe" | C:\Windows\{9987E3F4-E151-4239-B220-F60801F43B42}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}\stubpath = "C:\\Windows\\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}.exe" | C:\Windows\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}.exe | N/A |
| N/A | N/A | C:\Windows\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}.exe | N/A |
| N/A | N/A | C:\Windows\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}.exe | N/A |
| N/A | N/A | C:\Windows\{965E84A8-3254-450b-ABE2-8312961EE028}.exe | N/A |
| N/A | N/A | C:\Windows\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}.exe | N/A |
| N/A | N/A | C:\Windows\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}.exe | N/A |
| N/A | N/A | C:\Windows\{B39BB886-2636-4c63-896E-B0D177C341C2}.exe | N/A |
| N/A | N/A | C:\Windows\{91D6BD3F-5E4A-49eb-8207-145A57D33510}.exe | N/A |
| N/A | N/A | C:\Windows\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}.exe | N/A |
| N/A | N/A | C:\Windows\{145CA368-F170-40b7-951C-A9B2C7AF1545}.exe | N/A |
| N/A | N/A | C:\Windows\{9987E3F4-E151-4239-B220-F60801F43B42}.exe | N/A |
| N/A | N/A | C:\Windows\{41A14308-816A-4f1a-A517-17AA1F4C6AF2}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{145CA368-F170-40b7-951C-A9B2C7AF1545}.exe | C:\Windows\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}.exe | N/A |
| File created | C:\Windows\{9987E3F4-E151-4239-B220-F60801F43B42}.exe | C:\Windows\{145CA368-F170-40b7-951C-A9B2C7AF1545}.exe | N/A |
| File created | C:\Windows\{41A14308-816A-4f1a-A517-17AA1F4C6AF2}.exe | C:\Windows\{9987E3F4-E151-4239-B220-F60801F43B42}.exe | N/A |
| File created | C:\Windows\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}.exe | C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe | N/A |
| File created | C:\Windows\{965E84A8-3254-450b-ABE2-8312961EE028}.exe | C:\Windows\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}.exe | N/A |
| File created | C:\Windows\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}.exe | C:\Windows\{965E84A8-3254-450b-ABE2-8312961EE028}.exe | N/A |
| File created | C:\Windows\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}.exe | C:\Windows\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}.exe | N/A |
| File created | C:\Windows\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}.exe | C:\Windows\{91D6BD3F-5E4A-49eb-8207-145A57D33510}.exe | N/A |
| File created | C:\Windows\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}.exe | C:\Windows\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}.exe | N/A |
| File created | C:\Windows\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}.exe | C:\Windows\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}.exe | N/A |
| File created | C:\Windows\{B39BB886-2636-4c63-896E-B0D177C341C2}.exe | C:\Windows\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}.exe | N/A |
| File created | C:\Windows\{91D6BD3F-5E4A-49eb-8207-145A57D33510}.exe | C:\Windows\{B39BB886-2636-4c63-896E-B0D177C341C2}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe
"C:\Users\Admin\AppData\Local\Temp\b5fb24a70bcacc243d2cb1edd521b5b33f627931b10341b3fa172aa06b29cf1e.exe"
C:\Windows\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}.exe
C:\Windows\{CD8999F9-FD15-4543-A1E1-D3760AC2A9A6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\B5FB24~1.EXE > nul
C:\Windows\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}.exe
C:\Windows\{3FA5A6AA-FD11-464d-9D66-2578F1AA66D8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CD899~1.EXE > nul
C:\Windows\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}.exe
C:\Windows\{404E9C52-0403-4a0a-9F1D-9C3EF3890CC5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3FA5A~1.EXE > nul
C:\Windows\{965E84A8-3254-450b-ABE2-8312961EE028}.exe
C:\Windows\{965E84A8-3254-450b-ABE2-8312961EE028}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{404E9~1.EXE > nul
C:\Windows\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}.exe
C:\Windows\{DACBA9C0-8638-4719-9553-D67F73A8EDBC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{965E8~1.EXE > nul
C:\Windows\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}.exe
C:\Windows\{D2E46E34-80B9-4c10-9A69-4EB00860C6DF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DACBA~1.EXE > nul
C:\Windows\{B39BB886-2636-4c63-896E-B0D177C341C2}.exe
C:\Windows\{B39BB886-2636-4c63-896E-B0D177C341C2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D2E46~1.EXE > nul
C:\Windows\{91D6BD3F-5E4A-49eb-8207-145A57D33510}.exe
C:\Windows\{91D6BD3F-5E4A-49eb-8207-145A57D33510}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B39BB~1.EXE > nul
C:\Windows\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}.exe
C:\Windows\{6C6A87D1-C252-4a96-A345-A7DE8FEB04A1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{91D6B~1.EXE > nul
C:\Windows\{145CA368-F170-40b7-951C-A9B2C7AF1545}.exe
C:\Windows\{145CA368-F170-40b7-951C-A9B2C7AF1545}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6C6A8~1.EXE > nul
C:\Windows\{9987E3F4-E151-4239-B220-F60801F43B42}.exe
C:\Windows\{9987E3F4-E151-4239-B220-F60801F43B42}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{145CA~1.EXE > nul
C:\Windows\{41A14308-816A-4f1a-A517-17AA1F4C6AF2}.exe
C:\Windows\{41A14308-816A-4f1a-A517-17AA1F4C6AF2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9987E~1.EXE > nul
Network
Files