Analysis Overview
SHA256
20c1f5b05d5cb43caee71a2c91870af3415c008102ab0f54d480f1df4f615b1e
Threat Level: Known bad
The file 2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-03-02 23:21
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 23:21
Reported
2024-03-02 23:24
Platform
win7-20240215-en
Max time kernel
144s
Max time network
123s
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F7093274-1777-4ac4-B969-E6BE00326EBC} | C:\Windows\{C3C3D896-65C9-4269-B2E0-68CF526001C5}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{349BF865-E6B3-476e-92E2-7DEFAB157E09}\stubpath = "C:\\Windows\\{349BF865-E6B3-476e-92E2-7DEFAB157E09}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}\stubpath = "C:\\Windows\\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}.exe" | C:\Windows\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}\stubpath = "C:\\Windows\\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}.exe" | C:\Windows\{C84A3C94-099A-4550-90D4-FEF732FE301E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{55759448-FCFD-491b-8029-1400D52CA454} | C:\Windows\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{55759448-FCFD-491b-8029-1400D52CA454}\stubpath = "C:\\Windows\\{55759448-FCFD-491b-8029-1400D52CA454}.exe" | C:\Windows\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C3C3D896-65C9-4269-B2E0-68CF526001C5} | C:\Windows\{55759448-FCFD-491b-8029-1400D52CA454}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E0356565-AC7A-46b8-B37E-B4E01826C914} | C:\Windows\{349BF865-E6B3-476e-92E2-7DEFAB157E09}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37} | C:\Windows\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}\stubpath = "C:\\Windows\\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}.exe" | C:\Windows\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6F092E89-042A-4a07-A8EF-BE2C0E72E0A0} | C:\Windows\{F7093274-1777-4ac4-B969-E6BE00326EBC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E0356565-AC7A-46b8-B37E-B4E01826C914}\stubpath = "C:\\Windows\\{E0356565-AC7A-46b8-B37E-B4E01826C914}.exe" | C:\Windows\{349BF865-E6B3-476e-92E2-7DEFAB157E09}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}\stubpath = "C:\\Windows\\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}.exe" | C:\Windows\{E0356565-AC7A-46b8-B37E-B4E01826C914}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C84A3C94-099A-4550-90D4-FEF732FE301E}\stubpath = "C:\\Windows\\{C84A3C94-099A-4550-90D4-FEF732FE301E}.exe" | C:\Windows\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD} | C:\Windows\{C84A3C94-099A-4550-90D4-FEF732FE301E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C3C3D896-65C9-4269-B2E0-68CF526001C5}\stubpath = "C:\\Windows\\{C3C3D896-65C9-4269-B2E0-68CF526001C5}.exe" | C:\Windows\{55759448-FCFD-491b-8029-1400D52CA454}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6F092E89-042A-4a07-A8EF-BE2C0E72E0A0}\stubpath = "C:\\Windows\\{6F092E89-042A-4a07-A8EF-BE2C0E72E0A0}.exe" | C:\Windows\{F7093274-1777-4ac4-B969-E6BE00326EBC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{349BF865-E6B3-476e-92E2-7DEFAB157E09} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7} | C:\Windows\{E0356565-AC7A-46b8-B37E-B4E01826C914}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694} | C:\Windows\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C84A3C94-099A-4550-90D4-FEF732FE301E} | C:\Windows\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F7093274-1777-4ac4-B969-E6BE00326EBC}\stubpath = "C:\\Windows\\{F7093274-1777-4ac4-B969-E6BE00326EBC}.exe" | C:\Windows\{C3C3D896-65C9-4269-B2E0-68CF526001C5}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{349BF865-E6B3-476e-92E2-7DEFAB157E09}.exe | N/A |
| N/A | N/A | C:\Windows\{E0356565-AC7A-46b8-B37E-B4E01826C914}.exe | N/A |
| N/A | N/A | C:\Windows\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}.exe | N/A |
| N/A | N/A | C:\Windows\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}.exe | N/A |
| N/A | N/A | C:\Windows\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}.exe | N/A |
| N/A | N/A | C:\Windows\{C84A3C94-099A-4550-90D4-FEF732FE301E}.exe | N/A |
| N/A | N/A | C:\Windows\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}.exe | N/A |
| N/A | N/A | C:\Windows\{55759448-FCFD-491b-8029-1400D52CA454}.exe | N/A |
| N/A | N/A | C:\Windows\{C3C3D896-65C9-4269-B2E0-68CF526001C5}.exe | N/A |
| N/A | N/A | C:\Windows\{F7093274-1777-4ac4-B969-E6BE00326EBC}.exe | N/A |
| N/A | N/A | C:\Windows\{6F092E89-042A-4a07-A8EF-BE2C0E72E0A0}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{349BF865-E6B3-476e-92E2-7DEFAB157E09}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe | N/A |
| File created | C:\Windows\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}.exe | C:\Windows\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}.exe | N/A |
| File created | C:\Windows\{55759448-FCFD-491b-8029-1400D52CA454}.exe | C:\Windows\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}.exe | N/A |
| File created | C:\Windows\{C3C3D896-65C9-4269-B2E0-68CF526001C5}.exe | C:\Windows\{55759448-FCFD-491b-8029-1400D52CA454}.exe | N/A |
| File created | C:\Windows\{E0356565-AC7A-46b8-B37E-B4E01826C914}.exe | C:\Windows\{349BF865-E6B3-476e-92E2-7DEFAB157E09}.exe | N/A |
| File created | C:\Windows\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}.exe | C:\Windows\{E0356565-AC7A-46b8-B37E-B4E01826C914}.exe | N/A |
| File created | C:\Windows\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}.exe | C:\Windows\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}.exe | N/A |
| File created | C:\Windows\{C84A3C94-099A-4550-90D4-FEF732FE301E}.exe | C:\Windows\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}.exe | N/A |
| File created | C:\Windows\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}.exe | C:\Windows\{C84A3C94-099A-4550-90D4-FEF732FE301E}.exe | N/A |
| File created | C:\Windows\{F7093274-1777-4ac4-B969-E6BE00326EBC}.exe | C:\Windows\{C3C3D896-65C9-4269-B2E0-68CF526001C5}.exe | N/A |
| File created | C:\Windows\{6F092E89-042A-4a07-A8EF-BE2C0E72E0A0}.exe | C:\Windows\{F7093274-1777-4ac4-B969-E6BE00326EBC}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe"
C:\Windows\{349BF865-E6B3-476e-92E2-7DEFAB157E09}.exe
C:\Windows\{349BF865-E6B3-476e-92E2-7DEFAB157E09}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{E0356565-AC7A-46b8-B37E-B4E01826C914}.exe
C:\Windows\{E0356565-AC7A-46b8-B37E-B4E01826C914}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{349BF~1.EXE > nul
C:\Windows\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}.exe
C:\Windows\{5F6A3B75-5CCD-4a75-8079-B64854C42DB7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E0356~1.EXE > nul
C:\Windows\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}.exe
C:\Windows\{4FF2C761-D2E2-4581-95D1-C2ABE94D4694}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{5F6A3~1.EXE > nul
C:\Windows\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}.exe
C:\Windows\{D006795E-7BDD-4bef-84E0-C4DF2FD7AD37}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4FF2C~1.EXE > nul
C:\Windows\{C84A3C94-099A-4550-90D4-FEF732FE301E}.exe
C:\Windows\{C84A3C94-099A-4550-90D4-FEF732FE301E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D0067~1.EXE > nul
C:\Windows\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}.exe
C:\Windows\{4ACB5DA2-CB29-4044-9E69-59ABF0FC34FD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C84A3~1.EXE > nul
C:\Windows\{55759448-FCFD-491b-8029-1400D52CA454}.exe
C:\Windows\{55759448-FCFD-491b-8029-1400D52CA454}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4ACB5~1.EXE > nul
C:\Windows\{C3C3D896-65C9-4269-B2E0-68CF526001C5}.exe
C:\Windows\{C3C3D896-65C9-4269-B2E0-68CF526001C5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{55759~1.EXE > nul
C:\Windows\{F7093274-1777-4ac4-B969-E6BE00326EBC}.exe
C:\Windows\{F7093274-1777-4ac4-B969-E6BE00326EBC}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C3C3D~1.EXE > nul
C:\Windows\{6F092E89-042A-4a07-A8EF-BE2C0E72E0A0}.exe
C:\Windows\{6F092E89-042A-4a07-A8EF-BE2C0E72E0A0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F7093~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 23:21
Reported
2024-03-02 23:24
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C} | C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{188CFD5D-417E-455a-80FE-4036922037E3} | C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5} | C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}\stubpath = "C:\\Windows\\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe" | C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7B52BA59-1776-425f-89E6-7DB4A83B6079} | C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8E17A66C-776A-416d-83B7-A9EBD28AE784}\stubpath = "C:\\Windows\\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe" | C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}\stubpath = "C:\\Windows\\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe" | C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{188CFD5D-417E-455a-80FE-4036922037E3}\stubpath = "C:\\Windows\\{188CFD5D-417E-455a-80FE-4036922037E3}.exe" | C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B} | C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}\stubpath = "C:\\Windows\\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe" | C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{41079BEB-0797-4979-B8B4-1463829E8964} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E233E4B6-F8F1-4162-9080-DA5239FAB902}\stubpath = "C:\\Windows\\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe" | C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0} | C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{55327C1F-113D-415c-B775-53944E266C8B} | C:\Windows\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{41079BEB-0797-4979-B8B4-1463829E8964}\stubpath = "C:\\Windows\\{41079BEB-0797-4979-B8B4-1463829E8964}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8E17A66C-776A-416d-83B7-A9EBD28AE784} | C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{27279475-5E18-4255-BA3F-39DB88883C10}\stubpath = "C:\\Windows\\{27279475-5E18-4255-BA3F-39DB88883C10}.exe" | C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}\stubpath = "C:\\Windows\\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe" | C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7B52BA59-1776-425f-89E6-7DB4A83B6079}\stubpath = "C:\\Windows\\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe" | C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{27279475-5E18-4255-BA3F-39DB88883C10} | C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E233E4B6-F8F1-4162-9080-DA5239FAB902} | C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4599676F-2902-46ca-BA9C-808AECC7B0D9} | C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4599676F-2902-46ca-BA9C-808AECC7B0D9}\stubpath = "C:\\Windows\\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe" | C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe | N/A |
| N/A | N/A | C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe | N/A |
| N/A | N/A | C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe | N/A |
| N/A | N/A | C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe | N/A |
| N/A | N/A | C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe | N/A |
| N/A | N/A | C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe | N/A |
| N/A | N/A | C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe | N/A |
| N/A | N/A | C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe | N/A |
| N/A | N/A | C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe | N/A |
| N/A | N/A | C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe | N/A |
| N/A | N/A | C:\Windows\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe | C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe | N/A |
| File created | C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe | C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe | N/A |
| File created | C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe | N/A |
| File created | C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe | C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe | N/A |
| File created | C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe | C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe | N/A |
| File created | C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe | C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe | N/A |
| File created | C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe | C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe | N/A |
| File created | C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe | C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe | N/A |
| File created | C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe | C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe | N/A |
| File created | C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe | C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe | N/A |
| File created | C:\Windows\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe | C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_07df5cc6838f279930c33904c850e1db_goldeneye.exe"
C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe
C:\Windows\{41079BEB-0797-4979-B8B4-1463829E8964}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe
C:\Windows\{E233E4B6-F8F1-4162-9080-DA5239FAB902}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{41079~1.EXE > nul
C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe
C:\Windows\{4599676F-2902-46ca-BA9C-808AECC7B0D9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E233E~1.EXE > nul
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe
C:\Windows\{8CB0203D-56F6-4a66-954B-D9AD934A0DB5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{45996~1.EXE > nul
C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe
C:\Windows\{A9B475B0-0156-4578-ADCB-91EAC79DFFF0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8CB02~1.EXE > nul
C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe
C:\Windows\{7B52BA59-1776-425f-89E6-7DB4A83B6079}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A9B47~1.EXE > nul
C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe
C:\Windows\{8E17A66C-776A-416d-83B7-A9EBD28AE784}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7B52B~1.EXE > nul
C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe
C:\Windows\{59AFDDD4-18FF-4d0d-91AE-73D597F2539C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8E17A~1.EXE > nul
C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe
C:\Windows\{27279475-5E18-4255-BA3F-39DB88883C10}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{59AFD~1.EXE > nul
C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe
C:\Windows\{188CFD5D-417E-455a-80FE-4036922037E3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{27279~1.EXE > nul
C:\Windows\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe
C:\Windows\{9C34C1CC-B3E7-4b49-99AE-7C8FB001316B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{188CF~1.EXE > nul
C:\Windows\{55327C1F-113D-415c-B775-53944E266C8B}.exe
C:\Windows\{55327C1F-113D-415c-B775-53944E266C8B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{9C34C~1.EXE > nul
Network
Files