Analysis Overview
SHA256
cb468bfa4b86df6fe53dd138d892972e44f680edc756af3f27d3aa00164b030f
Threat Level: Known bad
The file 2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye was found to be: Known bad.
Malicious Activity Summary
Kinsing
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:32
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:32
Reported
2024-01-25 17:34
Platform
win7-20231215-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA} | C:\Windows\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}\stubpath = "C:\\Windows\\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe" | C:\Windows\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FB426A03-8F75-401c-9DAC-55CE00293E03}\stubpath = "C:\\Windows\\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}\stubpath = "C:\\Windows\\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe" | C:\Windows\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E} | C:\Windows\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BECDE457-6212-413c-BE1C-9B272472E97E}\stubpath = "C:\\Windows\\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe" | C:\Windows\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A04B4CC4-106B-4296-A916-FB8E6495EFB4} | C:\Windows\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD} | C:\Windows\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FB426A03-8F75-401c-9DAC-55CE00293E03} | C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8} | C:\Windows\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BECDE457-6212-413c-BE1C-9B272472E97E} | C:\Windows\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}\stubpath = "C:\\Windows\\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe" | C:\Windows\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B19765E9-D336-4126-8A6D-3E06C52523DD} | C:\Windows\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B820563A-83D6-45f4-98EF-7C8FFEEBB448} | C:\Windows\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D71488F6-9E4A-4b41-9C54-7FDCBC89FB34} | C:\Windows\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}\stubpath = "C:\\Windows\\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe" | C:\Windows\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BB20AB02-581B-4611-91CD-17B0B22A57A1} | C:\Windows\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BB20AB02-581B-4611-91CD-17B0B22A57A1}\stubpath = "C:\\Windows\\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe" | C:\Windows\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D71488F6-9E4A-4b41-9C54-7FDCBC89FB34}\stubpath = "C:\\Windows\\{D71488F6-9E4A-4b41-9C54-7FDCBC89FB34}.exe" | C:\Windows\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}\stubpath = "C:\\Windows\\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe" | C:\Windows\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}\stubpath = "C:\\Windows\\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe" | C:\Windows\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B19765E9-D336-4126-8A6D-3E06C52523DD}\stubpath = "C:\\Windows\\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe" | C:\Windows\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe | N/A |
| N/A | N/A | C:\Windows\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe | N/A |
| N/A | N/A | C:\Windows\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe | N/A |
| N/A | N/A | C:\Windows\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe | N/A |
| N/A | N/A | C:\Windows\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe | N/A |
| N/A | N/A | C:\Windows\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe | N/A |
| N/A | N/A | C:\Windows\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe | N/A |
| N/A | N/A | C:\Windows\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe | N/A |
| N/A | N/A | C:\Windows\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe | N/A |
| N/A | N/A | C:\Windows\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe | N/A |
| N/A | N/A | C:\Windows\{D71488F6-9E4A-4b41-9C54-7FDCBC89FB34}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe | C:\Windows\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe | N/A |
| File created | C:\Windows\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe | C:\Windows\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe | N/A |
| File created | C:\Windows\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe | C:\Windows\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe | N/A |
| File created | C:\Windows\{D71488F6-9E4A-4b41-9C54-7FDCBC89FB34}.exe | C:\Windows\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe | N/A |
| File created | C:\Windows\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe | C:\Windows\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe | N/A |
| File created | C:\Windows\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe | C:\Windows\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe | N/A |
| File created | C:\Windows\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe | C:\Windows\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe | N/A |
| File created | C:\Windows\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe | C:\Windows\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe | N/A |
| File created | C:\Windows\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe | C:\Windows\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe | N/A |
| File created | C:\Windows\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe | C:\Windows\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe | N/A |
| File created | C:\Windows\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe | C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe"
C:\Windows\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe
C:\Windows\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe
C:\Windows\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FB426~1.EXE > nul
C:\Windows\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe
C:\Windows\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F94EB~1.EXE > nul
C:\Windows\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe
C:\Windows\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BECDE~1.EXE > nul
C:\Windows\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe
C:\Windows\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A04B4~1.EXE > nul
C:\Windows\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe
C:\Windows\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BB20A~1.EXE > nul
C:\Windows\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe
C:\Windows\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7D3E1~1.EXE > nul
C:\Windows\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe
C:\Windows\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6F2C8~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{293E5~1.EXE > nul
C:\Windows\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe
C:\Windows\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe
C:\Windows\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe
C:\Windows\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B1976~1.EXE > nul
C:\Windows\{D71488F6-9E4A-4b41-9C54-7FDCBC89FB34}.exe
C:\Windows\{D71488F6-9E4A-4b41-9C54-7FDCBC89FB34}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B8205~1.EXE > nul
Network
Files
C:\Windows\{FB426A03-8F75-401c-9DAC-55CE00293E03}.exe
| MD5 | cb909f2b326b1069854d65d001208b50 |
| SHA1 | 22c37a29b3660b6f5c63484f99049de3f269bb03 |
| SHA256 | 492db32b99e85c3db89802b252e7e1fbabb8d4d8ce85ed412eb24c978129d540 |
| SHA512 | 5755c3fa538c0fe1f69d5310c0458dc62fdb0543b13af60b27dba7ddfcbc908a15c40dd10ae490de3678fc855c5bf0cbaf0e57c56e2b598f4067a4598bba3a96 |
C:\Windows\{F94EB374-0372-4f8a-B6C5-E42FED46C9B8}.exe
| MD5 | 791b2d8bb4699e9acaaf16b6ddae89d1 |
| SHA1 | 3ad31f248149372102241d8016acfa422e418207 |
| SHA256 | 480f6b28babcf8b46f265e4932a777dadc514d03fcaeb5d4f1dddb01f9cffa58 |
| SHA512 | 666a04b7c93876172a1cc6748377e39de80a8d7dae5ef07b5f720917e1d87336eef39a19c0cf2d6bbc885e7d90713ce321209721c5211bb1059efb459a677a9f |
C:\Windows\{BECDE457-6212-413c-BE1C-9B272472E97E}.exe
| MD5 | 7d459d490f5280b726396efac953f6a4 |
| SHA1 | a333e1fef4683ef76b0846f5ee7a191733c5d531 |
| SHA256 | 1941e0f3fa5896a1a2fcb126280efa4b8bcce1930bedf2f77da6f3bfe7f0fe82 |
| SHA512 | dc6babc18e9c4435349e93117ef4b46a11b5dc528fc20260bd8237d855cba19748ccb49c53cf0a8abcd9876156771cdd86d7c6c7a38c6ebeb647dd468629c9a6 |
C:\Windows\{A04B4CC4-106B-4296-A916-FB8E6495EFB4}.exe
| MD5 | 0390cfd62422965f62aa3ac7e243791a |
| SHA1 | a45040e5790d6cadb57711b880167ee6780e9726 |
| SHA256 | 47b50f4e26a8cf3c722288da62a0bbe9f2d5f765aba20728ae72ce8044492b81 |
| SHA512 | b3dbae5e93057cfd34168fe23b557e5404f4bc57d33599c518eb117643f244abfc69168ddfcf5b5945255fa377694cd828f11787d9d16606b195306099b54d86 |
C:\Windows\{BB20AB02-581B-4611-91CD-17B0B22A57A1}.exe
| MD5 | 1572c3dd5999d4c58b97ce737a4b2a5c |
| SHA1 | 625656c2e91dbdfa2eaf6620d9250322437c5091 |
| SHA256 | 820e67eeabdf867b7959e9494a80c5dfc68f1627091eebb1c955eb8c057dc9a7 |
| SHA512 | b3ae30a493ef160f2e49bbb4359bf81d0802f0b5987a824e4ec4a69159cbd80d093f59ba53e32ebe1f76390b31a8065fc6b9f503c3f7d7a836147f1d9b30bbf2 |
C:\Windows\{7D3E1F4F-36DD-4eee-A163-4A86ED04402E}.exe
| MD5 | 4dce689d1cd0b79792a5469bd729f7e8 |
| SHA1 | 90f97799c5ff5c2c004eb5697da9c3076305d234 |
| SHA256 | 4daab7dfd13e0c9d33185b151504159305fb410ca6141469802149e70be80f9c |
| SHA512 | 6ad0fbdb2271e1b3f1e697995ef4b3774d67086fcd216803fe5aaa39419732c5c261de299597dd1dc2c5990a326867806b73d551a795e8db386bd587d92ad037 |
C:\Windows\{6F2C881E-E16E-4f87-87C5-C6548E2EE7AD}.exe
| MD5 | 362232ac6dfae7a465b0dca1743423dc |
| SHA1 | 6d53eac6006e3d678b1da58ce274cc07e89ed739 |
| SHA256 | c7a620abd0610668be38028d027b9072a4f1758471b288d82364989cf81d911a |
| SHA512 | a3c9e19233186004f7893b38594e5144728061860d6856b873f233bc9efc950cb4ac4777a858ea67033534e345933792fc456136b849ea6fbebdb6288e737dac |
C:\Windows\{293E598B-3EDB-4d99-9DC9-D37F7B63B9DA}.exe
| MD5 | 85ac183b7dc1c6d1911e3ed2358279ae |
| SHA1 | cee638535157f050d459942a66e793755ac7e2a0 |
| SHA256 | c08d53846fcd8398e0a14c4f5d441b7d5ff8ba24f9808f91133d356832ce0219 |
| SHA512 | eccfd4037d690cb7700e64c2d0d49f9c2a0f04bdbd57930a0cb2ec09ccd42fa37fc1917706f909a1188c4cc8990241ce8c47650408479c7c3ecb61249edcafc9 |
C:\Windows\{B19765E9-D336-4126-8A6D-3E06C52523DD}.exe
| MD5 | 34c23b8ac3803eb5213bad48ea0d6e5f |
| SHA1 | 478fa1131e0fd3ec24803211d1e207afcc0d9283 |
| SHA256 | 3ab64a7070471a2fe27f9a0b0b055ddc64875470aa8bac03de3c1f3dc567cb5f |
| SHA512 | 8f9dbaf83da8521c3d075422cb3927cdfd2ad8964270a475adcdc13ca4da19ba7811350b73598509c0e2b50bcb34850b08616b17df7d5bb3afcbbc435ca820bf |
C:\Windows\{B820563A-83D6-45f4-98EF-7C8FFEEBB448}.exe
| MD5 | 788935533d968a4f334392200c8a71fb |
| SHA1 | 78d324aa7e68a2808021cced0a389fa5df94f3ed |
| SHA256 | 660031b0131d2fd4fcc6a077abf910873c816832b39aa02c2e2b694bcdff89c3 |
| SHA512 | 368486a2131586ac65483dd15cb46f428c8a4fa1ee3fc86eafa92602d054e661f66128398f51921c053595e9609da64e3170d1e553f9c3ccf442dbeec9469673 |
C:\Windows\{D71488F6-9E4A-4b41-9C54-7FDCBC89FB34}.exe
| MD5 | 87e69f02bdcb5bb30dcbe3753f356447 |
| SHA1 | 4dc37f8b762b87bd6b4e11e9d712b8abecd38cc4 |
| SHA256 | 9edf39d435c35db8df3b3b754233aa541aceff1f4ca21d8690482c8d1b2a7e05 |
| SHA512 | 3b978837776fe0d878750cdad451e032c2f8c68eaec3962b5dd7fda377aefd7108e61876b061d64880bcdb5e56e848d5d78b426fd00e553c45bd0f429672732a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:32
Reported
2024-01-25 17:34
Platform
win10v2004-20231222-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Kinsing
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3B767D51-9771-4d46-B359-6D15FCB9E617}\stubpath = "C:\\Windows\\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe" | C:\Windows\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84} | C:\Windows\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1} | C:\Windows\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520} | C:\Windows\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}\stubpath = "C:\\Windows\\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe" | C:\Windows\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC} | C:\Windows\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{08B58FA4-DE98-4dcb-BBB8-009D1E9828BA} | C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F3419F77-DA45-49b3-97AA-8716B8351420}\stubpath = "C:\\Windows\\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe" | C:\Windows\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}\stubpath = "C:\\Windows\\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe" | C:\Windows\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{09C35F6B-42A7-425d-AA27-B15804EDE4EE} | C:\Windows\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}\stubpath = "C:\\Windows\\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe" | C:\Windows\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{26A9A0F3-4FD1-400a-8E98-297CE8F88658} | C:\Windows\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}\stubpath = "C:\\Windows\\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe" | C:\Windows\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{70E1AFB5-215B-4f73-8852-43963DD4AFF6} | C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}\stubpath = "C:\\Windows\\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FC3357F0-52EC-4554-BE02-CBB23C7DC123} | C:\Windows\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3B767D51-9771-4d46-B359-6D15FCB9E617} | C:\Windows\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7} | C:\Windows\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}\stubpath = "C:\\Windows\\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe" | C:\Windows\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F3419F77-DA45-49b3-97AA-8716B8351420} | C:\Windows\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}\stubpath = "C:\\Windows\\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe" | C:\Windows\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}\stubpath = "C:\\Windows\\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe" | C:\Windows\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}\stubpath = "C:\\Windows\\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe" | C:\Windows\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{08B58FA4-DE98-4dcb-BBB8-009D1E9828BA}\stubpath = "C:\\Windows\\{08B58FA4-DE98-4dcb-BBB8-009D1E9828BA}.exe" | C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe | N/A |
| N/A | N/A | C:\Windows\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe | N/A |
| N/A | N/A | C:\Windows\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe | N/A |
| N/A | N/A | C:\Windows\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe | N/A |
| N/A | N/A | C:\Windows\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe | N/A |
| N/A | N/A | C:\Windows\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe | N/A |
| N/A | N/A | C:\Windows\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe | N/A |
| N/A | N/A | C:\Windows\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe | N/A |
| N/A | N/A | C:\Windows\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe | N/A |
| N/A | N/A | C:\Windows\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe | N/A |
| N/A | N/A | C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe | N/A |
| N/A | N/A | C:\Windows\{08B58FA4-DE98-4dcb-BBB8-009D1E9828BA}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe | C:\Windows\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe | N/A |
| File created | C:\Windows\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe | C:\Windows\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe | N/A |
| File created | C:\Windows\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe | C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe | N/A |
| File created | C:\Windows\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe | C:\Windows\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe | N/A |
| File created | C:\Windows\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe | C:\Windows\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe | N/A |
| File created | C:\Windows\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe | C:\Windows\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe | N/A |
| File created | C:\Windows\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe | C:\Windows\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe | N/A |
| File created | C:\Windows\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe | C:\Windows\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe | N/A |
| File created | C:\Windows\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe | C:\Windows\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe | N/A |
| File created | C:\Windows\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe | C:\Windows\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe | N/A |
| File created | C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe | C:\Windows\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe | N/A |
| File created | C:\Windows\{08B58FA4-DE98-4dcb-BBB8-009D1E9828BA}.exe | C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_8775b09a69c8c3f6524395e50dd16b35_goldeneye.exe"
C:\Windows\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe
C:\Windows\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe
C:\Windows\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{70E1A~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FC335~1.EXE > nul
C:\Windows\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe
C:\Windows\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe
C:\Windows\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe
C:\Windows\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3B767~1.EXE > nul
C:\Windows\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe
C:\Windows\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F3419~1.EXE > nul
C:\Windows\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe
C:\Windows\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3C602~1.EXE > nul
C:\Windows\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe
C:\Windows\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{511F9~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2EE78~1.EXE > nul
C:\Windows\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe
C:\Windows\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe
C:\Windows\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe
C:\Windows\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6D8DF~1.EXE > nul
C:\Windows\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe
C:\Windows\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{09C35~1.EXE > nul
C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe
C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{26A9A~1.EXE > nul
C:\Windows\{08B58FA4-DE98-4dcb-BBB8-009D1E9828BA}.exe
C:\Windows\{08B58FA4-DE98-4dcb-BBB8-009D1E9828BA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A1204~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
C:\Windows\{70E1AFB5-215B-4f73-8852-43963DD4AFF6}.exe
| MD5 | a4ca3914bb7dfcc52ef3f879b8de9f82 |
| SHA1 | a9efaa0ae384c094d2273ea2dc7fb2b7fe782189 |
| SHA256 | acbf180ac39049bd2a7db55d1b4457347c23e5c6dfc1a7295ab05aeb27d8e62a |
| SHA512 | 444b5c86f39bf2f40d7186949e6fa11f7183da2ba91f1951ba2bbc4f32fe8d9b253e00e550230b7d1bd03ecfad6a4b353c4f2a45767d701956c40765c6ec320a |
C:\Windows\{FC3357F0-52EC-4554-BE02-CBB23C7DC123}.exe
| MD5 | 650f188a5584a9c7501dcedb061ddae9 |
| SHA1 | c53ebfde4afd8f46df969db474f124cf9d5edd21 |
| SHA256 | d0a0d28eef3140973f3355cc7f01a2334360502a23038a000a4cb27b11d8a566 |
| SHA512 | d96de709debc31279efd47b6b7e40c5812b2359f2db1d944bba81b23c42cac6c589dba1ac21d6602787883567a5e9f25607b495863b93bd18fa8fc5ad2dbdc0e |
C:\Windows\{3B767D51-9771-4d46-B359-6D15FCB9E617}.exe
| MD5 | 5d69d095ef6037af8927750012425a19 |
| SHA1 | 1bf86397176a6e35790b8b0c271d310b38019e46 |
| SHA256 | 170245d63e74f2ae7cf04f818f7b726a3f3bc79e499984e4c9046e2b9b7afc6c |
| SHA512 | d083f2d20732a64a6a1217a0dd4a0dd9e9d6c7d38c62c96a8b008f9f992bbeb50f2e4f8d3607f2260109aeecf23783595cc65ddc0e0a56185875df09d9d9c67f |
C:\Windows\{F3419F77-DA45-49b3-97AA-8716B8351420}.exe
| MD5 | f4d93705292ff4e3d6d5c474738b102e |
| SHA1 | 5a5dc657ef129b3a0ce15bd106ab08a85cfa474c |
| SHA256 | 2424313132a65a328b92cca95b47837fddac9bb3ca1dc12b732cd37cfad9b4b8 |
| SHA512 | 4edc0b537c69a7cdecfaf16e65fe256d7ffb2e1bd7f41f4045fb887cd1c55767d4a4a7e93bcd1e75bf08195d99be1d2186f212be6c281efc0db60d6e5e711ae7 |
C:\Windows\{3C60291D-16DD-4d87-9E3C-64AF6A80ED84}.exe
| MD5 | b12d187ad48b4682ad1003f7e1e72758 |
| SHA1 | bddec28d714281bb42105d9da804417b5aee5573 |
| SHA256 | fefdbc908e441395ea0e99c3b1acfe00e6d7ad5948e6afc3ff911ecf0810a092 |
| SHA512 | eda034082aa0370ea27437007691b293b6965638f87d0ca8f588a1f80c56cdce9c649fccdc0f4b618b94204c1ff0a30be45ebde52ec362420651d00980567782 |
C:\Windows\{511F9CF7-EE24-4e66-8379-9218C1D9DBD1}.exe
| MD5 | f197562c9cc7842c7576aad75f6de253 |
| SHA1 | 1f07fcb0c2cb071dc0842456a9b84c9c2270d517 |
| SHA256 | 4106f07efe527ad217ff4452160a081206affb806f66c20197b009ffa90baadf |
| SHA512 | 228bf00555f15ac6fab98b5e7b6c26680c0cc5e3f0b69f8e9ef7dbf33df4ec883931adb7f93a78ac4c4505aa980ad479e03f35eb1c4836a728d453639a40b097 |
C:\Windows\{2EE784A9-CEF6-4d06-8DC6-37BCBF9B4520}.exe
| MD5 | 20bdfaa551c912f8e0c2cd607fcc1722 |
| SHA1 | a894294c0f0af8dd0c2b9d34b40d818a29646598 |
| SHA256 | 194778f5e616fbd1fbcc0b0f48fa080c468281e7c1db63e437cc09f1578cfc8b |
| SHA512 | cebf29746550507f4f26f6f3a4ed52cdd4780c863090e265509647325003415137ef93529a42e5109721d94209ba80f35f68f24749282385428663415d86464b |
C:\Windows\{6D8DF831-BFEE-4ecc-9266-191E9025F1A7}.exe
| MD5 | 83c0880e95b796b51eb198a45d656893 |
| SHA1 | 8cd1d8bebcb777936ced5e80afc8c65e62f9dc2f |
| SHA256 | ceaec73d64341e8b616c7de666ebe5a2149eb3e03a53a66931506f633d1657ae |
| SHA512 | f70093c7a91a8d228299bf6f82f229165f77795e052bd70d6bf3a329dfb7be54083c7e96b18dcc7eab0c3537bc4145b4e4b618fc5e11c1bf19a53945c29880f9 |
C:\Windows\{09C35F6B-42A7-425d-AA27-B15804EDE4EE}.exe
| MD5 | 1bc34102e21fadc4e20633847933d4ec |
| SHA1 | 10f71dbcaf0e917af045a60372f5dd3424ae2f8c |
| SHA256 | 4840349559c08b54c5cca7e8215b1afbb6a94af04c7d089d6b6fadad825210ab |
| SHA512 | bc000c8586cd9a3b8ca5e6046043bd2c807c8e09b4d73dd1255ca3cc8e57e3f069fc9cae130a5f4c71cf4578a2b2e51641cb82a401735f73a8fb822cc6bc64db |
C:\Windows\{26A9A0F3-4FD1-400a-8E98-297CE8F88658}.exe
| MD5 | d45eb1037dc5d07b25b38f793aa08eb3 |
| SHA1 | 0e7cc406a7b874a944b0d66eb32c18672b7ba5b1 |
| SHA256 | 21b224d7239dea1cb718d514a62a8346aaa265b806fe7c46b8a573a1b1aaba26 |
| SHA512 | 6c82eb4a7534f523dcd8762edd0e35de1677bb120f1e08d39de43658d6e461a3fcbdfa283b0fff66880c069c61b55672e3f3e65b0caefe6b5bffa502c4319869 |
C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe
| MD5 | ce6c8f843d15a5a978b3c21886880da5 |
| SHA1 | fb28d1a138dec6e2113fb42397913fc36b818fca |
| SHA256 | fbee0bfb7b8c802d7502519480b123da1dfc2433b942ec1a735a857756860064 |
| SHA512 | 7b56758ba7a76904b00ee2016e7708bfbd6b71cd8639f2b8caf2db4ff73ccc1f77f1c2345b26a483160d8fa6bc6ee3ceee5239cbbfb0c71678c47da06cb40f13 |
C:\Windows\{A1204BD9-1645-45bf-AE89-2FB04D8B40BC}.exe
| MD5 | d05caa4b29cc157cbc6592901cae3eb8 |
| SHA1 | 09dfc37d3d574452e8ac5303878e7d20edbc3e23 |
| SHA256 | 5c272aad9ee2497fd8b8b24fde99c86984167d2ae8d10d2bef7216588f46460e |
| SHA512 | 90a0d7920fb085fe0fea7cc1f787f8e123a3e10f56f8f969e533339e0caf0912b78517e931ccf26e3c373840296f65f96f2f1376ae8c22189c2f55d12239b174 |
C:\Windows\{08B58FA4-DE98-4dcb-BBB8-009D1E9828BA}.exe
| MD5 | 5dbf89391f15c6d56f1ee01fb39032d0 |
| SHA1 | ac248e86af35ca4dc62063bbd6739c1d867b7e68 |
| SHA256 | e88ff9a9cb135aefca9edbf90b9a92e7d5e1938ada1c047d5c56ea68bcd76629 |
| SHA512 | 7cd304b318a79f8414d976c9ea47af374d5efca83baac661d5df9722a58e7952c3712d64205ce93530a913c0ba5347e2246661e9709aafd147c1793124f569a3 |