Analysis Overview
SHA256
a0dc464d4cce80c660597babf8923ad92308d4a14fafaa54cdc7670e09dd7955
Threat Level: Known bad
The file 2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye was found to be: Known bad.
Malicious Activity Summary
Kinsing
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:36
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:36
Reported
2024-01-25 17:39
Platform
win7-20231215-en
Max time kernel
144s
Max time network
121s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4256BE8D-89BF-470c-BF07-975D1302F613}\stubpath = "C:\\Windows\\{4256BE8D-89BF-470c-BF07-975D1302F613}.exe" | C:\Windows\{6C3C2157-0D30-4fb0-B373-5170F15179BB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FC04DF75-B70F-4349-BB4D-8527F1446938}\stubpath = "C:\\Windows\\{FC04DF75-B70F-4349-BB4D-8527F1446938}.exe" | C:\Windows\{4256BE8D-89BF-470c-BF07-975D1302F613}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D39524EA-A969-4896-BED0-AC9B3702A241} | C:\Windows\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1} | C:\Windows\{D39524EA-A969-4896-BED0-AC9B3702A241}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{70F64A43-3318-4bcf-AAEC-786F8240203B}\stubpath = "C:\\Windows\\{70F64A43-3318-4bcf-AAEC-786F8240203B}.exe" | C:\Windows\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{204046ED-4538-4740-B41C-0CEF24082813} | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{204046ED-4538-4740-B41C-0CEF24082813}\stubpath = "C:\\Windows\\{204046ED-4538-4740-B41C-0CEF24082813}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6C3C2157-0D30-4fb0-B373-5170F15179BB} | C:\Windows\{33C06764-CF96-4c23-9BED-BA414C102AA9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{53CE17B9-5D5F-4791-A413-4010C7ECF99F} | C:\Windows\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D39524EA-A969-4896-BED0-AC9B3702A241}\stubpath = "C:\\Windows\\{D39524EA-A969-4896-BED0-AC9B3702A241}.exe" | C:\Windows\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}\stubpath = "C:\\Windows\\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}.exe" | C:\Windows\{D39524EA-A969-4896-BED0-AC9B3702A241}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{446CF7C2-059F-4a6f-9E34-2A8B32B42CF1}\stubpath = "C:\\Windows\\{446CF7C2-059F-4a6f-9E34-2A8B32B42CF1}.exe" | C:\Windows\{70F64A43-3318-4bcf-AAEC-786F8240203B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{33C06764-CF96-4c23-9BED-BA414C102AA9}\stubpath = "C:\\Windows\\{33C06764-CF96-4c23-9BED-BA414C102AA9}.exe" | C:\Windows\{204046ED-4538-4740-B41C-0CEF24082813}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6C3C2157-0D30-4fb0-B373-5170F15179BB}\stubpath = "C:\\Windows\\{6C3C2157-0D30-4fb0-B373-5170F15179BB}.exe" | C:\Windows\{33C06764-CF96-4c23-9BED-BA414C102AA9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F} | C:\Windows\{FC04DF75-B70F-4349-BB4D-8527F1446938}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}\stubpath = "C:\\Windows\\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}.exe" | C:\Windows\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{70F64A43-3318-4bcf-AAEC-786F8240203B} | C:\Windows\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4256BE8D-89BF-470c-BF07-975D1302F613} | C:\Windows\{6C3C2157-0D30-4fb0-B373-5170F15179BB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FC04DF75-B70F-4349-BB4D-8527F1446938} | C:\Windows\{4256BE8D-89BF-470c-BF07-975D1302F613}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}\stubpath = "C:\\Windows\\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}.exe" | C:\Windows\{FC04DF75-B70F-4349-BB4D-8527F1446938}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{33C06764-CF96-4c23-9BED-BA414C102AA9} | C:\Windows\{204046ED-4538-4740-B41C-0CEF24082813}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{446CF7C2-059F-4a6f-9E34-2A8B32B42CF1} | C:\Windows\{70F64A43-3318-4bcf-AAEC-786F8240203B}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{204046ED-4538-4740-B41C-0CEF24082813}.exe | N/A |
| N/A | N/A | C:\Windows\{33C06764-CF96-4c23-9BED-BA414C102AA9}.exe | N/A |
| N/A | N/A | C:\Windows\{6C3C2157-0D30-4fb0-B373-5170F15179BB}.exe | N/A |
| N/A | N/A | C:\Windows\{4256BE8D-89BF-470c-BF07-975D1302F613}.exe | N/A |
| N/A | N/A | C:\Windows\{FC04DF75-B70F-4349-BB4D-8527F1446938}.exe | N/A |
| N/A | N/A | C:\Windows\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}.exe | N/A |
| N/A | N/A | C:\Windows\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}.exe | N/A |
| N/A | N/A | C:\Windows\{D39524EA-A969-4896-BED0-AC9B3702A241}.exe | N/A |
| N/A | N/A | C:\Windows\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}.exe | N/A |
| N/A | N/A | C:\Windows\{70F64A43-3318-4bcf-AAEC-786F8240203B}.exe | N/A |
| N/A | N/A | C:\Windows\{446CF7C2-059F-4a6f-9E34-2A8B32B42CF1}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{204046ED-4538-4740-B41C-0CEF24082813}.exe | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe | N/A |
| File created | C:\Windows\{4256BE8D-89BF-470c-BF07-975D1302F613}.exe | C:\Windows\{6C3C2157-0D30-4fb0-B373-5170F15179BB}.exe | N/A |
| File created | C:\Windows\{FC04DF75-B70F-4349-BB4D-8527F1446938}.exe | C:\Windows\{4256BE8D-89BF-470c-BF07-975D1302F613}.exe | N/A |
| File created | C:\Windows\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}.exe | C:\Windows\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}.exe | N/A |
| File created | C:\Windows\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}.exe | C:\Windows\{D39524EA-A969-4896-BED0-AC9B3702A241}.exe | N/A |
| File created | C:\Windows\{70F64A43-3318-4bcf-AAEC-786F8240203B}.exe | C:\Windows\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}.exe | N/A |
| File created | C:\Windows\{446CF7C2-059F-4a6f-9E34-2A8B32B42CF1}.exe | C:\Windows\{70F64A43-3318-4bcf-AAEC-786F8240203B}.exe | N/A |
| File created | C:\Windows\{33C06764-CF96-4c23-9BED-BA414C102AA9}.exe | C:\Windows\{204046ED-4538-4740-B41C-0CEF24082813}.exe | N/A |
| File created | C:\Windows\{6C3C2157-0D30-4fb0-B373-5170F15179BB}.exe | C:\Windows\{33C06764-CF96-4c23-9BED-BA414C102AA9}.exe | N/A |
| File created | C:\Windows\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}.exe | C:\Windows\{FC04DF75-B70F-4349-BB4D-8527F1446938}.exe | N/A |
| File created | C:\Windows\{D39524EA-A969-4896-BED0-AC9B3702A241}.exe | C:\Windows\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe"
C:\Windows\{204046ED-4538-4740-B41C-0CEF24082813}.exe
C:\Windows\{204046ED-4538-4740-B41C-0CEF24082813}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{33C06764-CF96-4c23-9BED-BA414C102AA9}.exe
C:\Windows\{33C06764-CF96-4c23-9BED-BA414C102AA9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{20404~1.EXE > nul
C:\Windows\{6C3C2157-0D30-4fb0-B373-5170F15179BB}.exe
C:\Windows\{6C3C2157-0D30-4fb0-B373-5170F15179BB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{33C06~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6C3C2~1.EXE > nul
C:\Windows\{4256BE8D-89BF-470c-BF07-975D1302F613}.exe
C:\Windows\{4256BE8D-89BF-470c-BF07-975D1302F613}.exe
C:\Windows\{FC04DF75-B70F-4349-BB4D-8527F1446938}.exe
C:\Windows\{FC04DF75-B70F-4349-BB4D-8527F1446938}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4256B~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FC04D~1.EXE > nul
C:\Windows\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}.exe
C:\Windows\{F66CF1B8-C598-45ad-82C1-1C1AAC803E2F}.exe
C:\Windows\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}.exe
C:\Windows\{53CE17B9-5D5F-4791-A413-4010C7ECF99F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F66CF~1.EXE > nul
C:\Windows\{D39524EA-A969-4896-BED0-AC9B3702A241}.exe
C:\Windows\{D39524EA-A969-4896-BED0-AC9B3702A241}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{53CE1~1.EXE > nul
C:\Windows\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}.exe
C:\Windows\{6039610C-50B8-4cc7-8CF4-6F42B8F780E1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D3952~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{60396~1.EXE > nul
C:\Windows\{70F64A43-3318-4bcf-AAEC-786F8240203B}.exe
C:\Windows\{70F64A43-3318-4bcf-AAEC-786F8240203B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{70F64~1.EXE > nul
C:\Windows\{446CF7C2-059F-4a6f-9E34-2A8B32B42CF1}.exe
C:\Windows\{446CF7C2-059F-4a6f-9E34-2A8B32B42CF1}.exe
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:36
Reported
2024-01-25 17:39
Platform
win10v2004-20231222-en
Max time kernel
149s
Max time network
121s
Command Line
Signatures
Kinsing
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}\stubpath = "C:\\Windows\\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}.exe" | C:\Windows\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24} | C:\Windows\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}\stubpath = "C:\\Windows\\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}.exe" | C:\Windows\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{26002FD4-506F-4c36-8D6F-5EAF6055645E} | C:\Windows\{687CE137-DE99-4efc-BED3-8623A85FCF29}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{72980CFE-CB37-40b6-9963-A224BAC4BB16} | C:\Windows\{8D83283C-F091-4629-82A2-D8E726D4E244}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5426CA61-0DFD-4660-AA3D-8F7AFE38BBF5}\stubpath = "C:\\Windows\\{5426CA61-0DFD-4660-AA3D-8F7AFE38BBF5}.exe" | C:\Windows\{72980CFE-CB37-40b6-9963-A224BAC4BB16}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{687CE137-DE99-4efc-BED3-8623A85FCF29} | C:\Windows\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{26002FD4-506F-4c36-8D6F-5EAF6055645E}\stubpath = "C:\\Windows\\{26002FD4-506F-4c36-8D6F-5EAF6055645E}.exe" | C:\Windows\{687CE137-DE99-4efc-BED3-8623A85FCF29}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}\stubpath = "C:\\Windows\\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}.exe" | C:\Windows\{255AEA71-27D5-465e-B041-DAB523135730}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2F97DB11-74EE-4363-97E6-0374FBC59718} | C:\Windows\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8D83283C-F091-4629-82A2-D8E726D4E244} | C:\Windows\{2F97DB11-74EE-4363-97E6-0374FBC59718}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3} | C:\Windows\{255AEA71-27D5-465e-B041-DAB523135730}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8D83283C-F091-4629-82A2-D8E726D4E244}\stubpath = "C:\\Windows\\{8D83283C-F091-4629-82A2-D8E726D4E244}.exe" | C:\Windows\{2F97DB11-74EE-4363-97E6-0374FBC59718}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0F1EA7A-2F1B-4efa-B788-AC2990267966} | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}\stubpath = "C:\\Windows\\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}\stubpath = "C:\\Windows\\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}.exe" | C:\Windows\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8551C881-BBDE-4ced-9E91-39DF7869C7E0} | C:\Windows\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{687CE137-DE99-4efc-BED3-8623A85FCF29}\stubpath = "C:\\Windows\\{687CE137-DE99-4efc-BED3-8623A85FCF29}.exe" | C:\Windows\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{255AEA71-27D5-465e-B041-DAB523135730}\stubpath = "C:\\Windows\\{255AEA71-27D5-465e-B041-DAB523135730}.exe" | C:\Windows\{26002FD4-506F-4c36-8D6F-5EAF6055645E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D} | C:\Windows\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{255AEA71-27D5-465e-B041-DAB523135730} | C:\Windows\{26002FD4-506F-4c36-8D6F-5EAF6055645E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2F97DB11-74EE-4363-97E6-0374FBC59718}\stubpath = "C:\\Windows\\{2F97DB11-74EE-4363-97E6-0374FBC59718}.exe" | C:\Windows\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{72980CFE-CB37-40b6-9963-A224BAC4BB16}\stubpath = "C:\\Windows\\{72980CFE-CB37-40b6-9963-A224BAC4BB16}.exe" | C:\Windows\{8D83283C-F091-4629-82A2-D8E726D4E244}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5426CA61-0DFD-4660-AA3D-8F7AFE38BBF5} | C:\Windows\{72980CFE-CB37-40b6-9963-A224BAC4BB16}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}.exe | N/A |
| N/A | N/A | C:\Windows\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}.exe | N/A |
| N/A | N/A | C:\Windows\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}.exe | N/A |
| N/A | N/A | C:\Windows\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}.exe | N/A |
| N/A | N/A | C:\Windows\{687CE137-DE99-4efc-BED3-8623A85FCF29}.exe | N/A |
| N/A | N/A | C:\Windows\{26002FD4-506F-4c36-8D6F-5EAF6055645E}.exe | N/A |
| N/A | N/A | C:\Windows\{255AEA71-27D5-465e-B041-DAB523135730}.exe | N/A |
| N/A | N/A | C:\Windows\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}.exe | N/A |
| N/A | N/A | C:\Windows\{2F97DB11-74EE-4363-97E6-0374FBC59718}.exe | N/A |
| N/A | N/A | C:\Windows\{8D83283C-F091-4629-82A2-D8E726D4E244}.exe | N/A |
| N/A | N/A | C:\Windows\{72980CFE-CB37-40b6-9963-A224BAC4BB16}.exe | N/A |
| N/A | N/A | C:\Windows\{5426CA61-0DFD-4660-AA3D-8F7AFE38BBF5}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{255AEA71-27D5-465e-B041-DAB523135730}.exe | C:\Windows\{26002FD4-506F-4c36-8D6F-5EAF6055645E}.exe | N/A |
| File created | C:\Windows\{8D83283C-F091-4629-82A2-D8E726D4E244}.exe | C:\Windows\{2F97DB11-74EE-4363-97E6-0374FBC59718}.exe | N/A |
| File created | C:\Windows\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}.exe | C:\Windows\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}.exe | N/A |
| File created | C:\Windows\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}.exe | C:\Windows\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}.exe | N/A |
| File created | C:\Windows\{687CE137-DE99-4efc-BED3-8623A85FCF29}.exe | C:\Windows\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}.exe | N/A |
| File created | C:\Windows\{26002FD4-506F-4c36-8D6F-5EAF6055645E}.exe | C:\Windows\{687CE137-DE99-4efc-BED3-8623A85FCF29}.exe | N/A |
| File created | C:\Windows\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}.exe | C:\Windows\{255AEA71-27D5-465e-B041-DAB523135730}.exe | N/A |
| File created | C:\Windows\{2F97DB11-74EE-4363-97E6-0374FBC59718}.exe | C:\Windows\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}.exe | N/A |
| File created | C:\Windows\{72980CFE-CB37-40b6-9963-A224BAC4BB16}.exe | C:\Windows\{8D83283C-F091-4629-82A2-D8E726D4E244}.exe | N/A |
| File created | C:\Windows\{5426CA61-0DFD-4660-AA3D-8F7AFE38BBF5}.exe | C:\Windows\{72980CFE-CB37-40b6-9963-A224BAC4BB16}.exe | N/A |
| File created | C:\Windows\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}.exe | C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe | N/A |
| File created | C:\Windows\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}.exe | C:\Windows\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_ba912d46e1acfaf79d03097f09a2702c_goldeneye.exe"
C:\Windows\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}.exe
C:\Windows\{D0F1EA7A-2F1B-4efa-B788-AC2990267966}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}.exe
C:\Windows\{DAD82DD5-53A4-4bf2-BEEF-2BFB20BF160D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D0F1E~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DAD82~1.EXE > nul
C:\Windows\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}.exe
C:\Windows\{8551C881-BBDE-4ced-9E91-39DF7869C7E0}.exe
C:\Windows\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}.exe
C:\Windows\{EBCCADB4-7C44-4862-AB2F-34C1966E9F24}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8551C~1.EXE > nul
C:\Windows\{687CE137-DE99-4efc-BED3-8623A85FCF29}.exe
C:\Windows\{687CE137-DE99-4efc-BED3-8623A85FCF29}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EBCCA~1.EXE > nul
C:\Windows\{26002FD4-506F-4c36-8D6F-5EAF6055645E}.exe
C:\Windows\{26002FD4-506F-4c36-8D6F-5EAF6055645E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{687CE~1.EXE > nul
C:\Windows\{255AEA71-27D5-465e-B041-DAB523135730}.exe
C:\Windows\{255AEA71-27D5-465e-B041-DAB523135730}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{26002~1.EXE > nul
C:\Windows\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}.exe
C:\Windows\{31A19E2F-6C67-4d4d-AE58-83CACB738BF3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{255AE~1.EXE > nul
C:\Windows\{2F97DB11-74EE-4363-97E6-0374FBC59718}.exe
C:\Windows\{2F97DB11-74EE-4363-97E6-0374FBC59718}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{31A19~1.EXE > nul
C:\Windows\{8D83283C-F091-4629-82A2-D8E726D4E244}.exe
C:\Windows\{8D83283C-F091-4629-82A2-D8E726D4E244}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2F97D~1.EXE > nul
C:\Windows\{72980CFE-CB37-40b6-9963-A224BAC4BB16}.exe
C:\Windows\{72980CFE-CB37-40b6-9963-A224BAC4BB16}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8D832~1.EXE > nul
C:\Windows\{5426CA61-0DFD-4660-AA3D-8F7AFE38BBF5}.exe
C:\Windows\{5426CA61-0DFD-4660-AA3D-8F7AFE38BBF5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{72980~1.EXE > nul
Network
Files