Analysis Overview
SHA256
73a7aea95d6e7f8a274bfed7b82ef7bd0c2faa8a042c8f59cdf44f7b73491df5
Threat Level: Known bad
The file 2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 23:23
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 23:23
Reported
2024-03-02 23:26
Platform
win7-20240221-en
Max time kernel
149s
Max time network
124s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89494701-917B-4d69-8BED-1BB7753C5AF0} | C:\Windows\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1} | C:\Windows\{89494701-917B-4d69-8BED-1BB7753C5AF0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4160388C-A54B-48e5-AFD9-EA793FA0A672} | C:\Windows\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}\stubpath = "C:\\Windows\\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}.exe" | C:\Windows\{1BA58297-FFD3-44db-A01C-C17A5F501696}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D} | C:\Windows\{1BA58297-FFD3-44db-A01C-C17A5F501696}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89494701-917B-4d69-8BED-1BB7753C5AF0}\stubpath = "C:\\Windows\\{89494701-917B-4d69-8BED-1BB7753C5AF0}.exe" | C:\Windows\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}\stubpath = "C:\\Windows\\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}.exe" | C:\Windows\{89494701-917B-4d69-8BED-1BB7753C5AF0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59} | C:\Windows\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86} | C:\Windows\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}\stubpath = "C:\\Windows\\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4160388C-A54B-48e5-AFD9-EA793FA0A672}\stubpath = "C:\\Windows\\{4160388C-A54B-48e5-AFD9-EA793FA0A672}.exe" | C:\Windows\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}\stubpath = "C:\\Windows\\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}.exe" | C:\Windows\{4160388C-A54B-48e5-AFD9-EA793FA0A672}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9B6FA4E9-8460-4cbe-850F-098448677A80} | C:\Windows\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9B6FA4E9-8460-4cbe-850F-098448677A80}\stubpath = "C:\\Windows\\{9B6FA4E9-8460-4cbe-850F-098448677A80}.exe" | C:\Windows\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1BA58297-FFD3-44db-A01C-C17A5F501696} | C:\Windows\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1BA58297-FFD3-44db-A01C-C17A5F501696}\stubpath = "C:\\Windows\\{1BA58297-FFD3-44db-A01C-C17A5F501696}.exe" | C:\Windows\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}\stubpath = "C:\\Windows\\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}.exe" | C:\Windows\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD} | C:\Windows\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}\stubpath = "C:\\Windows\\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}.exe" | C:\Windows\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6} | C:\Windows\{4160388C-A54B-48e5-AFD9-EA793FA0A672}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2} | C:\Windows\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}\stubpath = "C:\\Windows\\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}.exe" | C:\Windows\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}\stubpath = "C:\\Windows\\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}.exe" | C:\Windows\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}.exe | N/A |
| N/A | N/A | C:\Windows\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}.exe | N/A |
| N/A | N/A | C:\Windows\{4160388C-A54B-48e5-AFD9-EA793FA0A672}.exe | N/A |
| N/A | N/A | C:\Windows\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}.exe | N/A |
| N/A | N/A | C:\Windows\{1BA58297-FFD3-44db-A01C-C17A5F501696}.exe | N/A |
| N/A | N/A | C:\Windows\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}.exe | N/A |
| N/A | N/A | C:\Windows\{89494701-917B-4d69-8BED-1BB7753C5AF0}.exe | N/A |
| N/A | N/A | C:\Windows\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}.exe | N/A |
| N/A | N/A | C:\Windows\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}.exe | N/A |
| N/A | N/A | C:\Windows\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}.exe | N/A |
| N/A | N/A | C:\Windows\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}.exe | N/A |
| N/A | N/A | C:\Windows\{9B6FA4E9-8460-4cbe-850F-098448677A80}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}.exe | C:\Windows\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}.exe | N/A |
| File created | C:\Windows\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}.exe | C:\Windows\{4160388C-A54B-48e5-AFD9-EA793FA0A672}.exe | N/A |
| File created | C:\Windows\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}.exe | C:\Windows\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}.exe | N/A |
| File created | C:\Windows\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}.exe | C:\Windows\{1BA58297-FFD3-44db-A01C-C17A5F501696}.exe | N/A |
| File created | C:\Windows\{89494701-917B-4d69-8BED-1BB7753C5AF0}.exe | C:\Windows\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}.exe | N/A |
| File created | C:\Windows\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}.exe | C:\Windows\{89494701-917B-4d69-8BED-1BB7753C5AF0}.exe | N/A |
| File created | C:\Windows\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}.exe | C:\Windows\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}.exe | N/A |
| File created | C:\Windows\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}.exe | C:\Windows\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}.exe | N/A |
| File created | C:\Windows\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe | N/A |
| File created | C:\Windows\{4160388C-A54B-48e5-AFD9-EA793FA0A672}.exe | C:\Windows\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}.exe | N/A |
| File created | C:\Windows\{1BA58297-FFD3-44db-A01C-C17A5F501696}.exe | C:\Windows\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}.exe | N/A |
| File created | C:\Windows\{9B6FA4E9-8460-4cbe-850F-098448677A80}.exe | C:\Windows\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe"
C:\Windows\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}.exe
C:\Windows\{F457DAC7-26F7-4c0c-A1CA-7B2D1C9169E9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}.exe
C:\Windows\{444EF7BA-BE70-4446-85C4-5A830E9ABDDD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F457D~1.EXE > nul
C:\Windows\{4160388C-A54B-48e5-AFD9-EA793FA0A672}.exe
C:\Windows\{4160388C-A54B-48e5-AFD9-EA793FA0A672}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{444EF~1.EXE > nul
C:\Windows\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}.exe
C:\Windows\{BC102FD7-B054-4e21-BE16-B24A9E98ECB6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{41603~1.EXE > nul
C:\Windows\{1BA58297-FFD3-44db-A01C-C17A5F501696}.exe
C:\Windows\{1BA58297-FFD3-44db-A01C-C17A5F501696}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BC102~1.EXE > nul
C:\Windows\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}.exe
C:\Windows\{33ECD5B9-E5B1-466f-9941-09DE1C5F220D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1BA58~1.EXE > nul
C:\Windows\{89494701-917B-4d69-8BED-1BB7753C5AF0}.exe
C:\Windows\{89494701-917B-4d69-8BED-1BB7753C5AF0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{33ECD~1.EXE > nul
C:\Windows\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}.exe
C:\Windows\{EC1B66EA-A08D-469a-8F58-3EFA8123E4A1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{89494~1.EXE > nul
C:\Windows\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}.exe
C:\Windows\{DA80D9EC-FEC2-4e2e-ADEE-A555836E78C2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EC1B6~1.EXE > nul
C:\Windows\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}.exe
C:\Windows\{A65D97F5-C01B-46e6-963A-B83CF1CEDD59}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DA80D~1.EXE > nul
C:\Windows\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}.exe
C:\Windows\{C6ADCE41-3B0D-4494-B7B6-F2B7920A2C86}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A65D9~1.EXE > nul
C:\Windows\{9B6FA4E9-8460-4cbe-850F-098448677A80}.exe
C:\Windows\{9B6FA4E9-8460-4cbe-850F-098448677A80}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C6ADC~1.EXE > nul
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 23:23
Reported
2024-03-02 23:26
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{60FDD9A4-2E61-4951-83D4-A6221473DE44}\stubpath = "C:\\Windows\\{60FDD9A4-2E61-4951-83D4-A6221473DE44}.exe" | C:\Windows\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C83C4698-91C2-4a39-8475-D5889B245D6D} | C:\Windows\{60FDD9A4-2E61-4951-83D4-A6221473DE44}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C83C4698-91C2-4a39-8475-D5889B245D6D}\stubpath = "C:\\Windows\\{C83C4698-91C2-4a39-8475-D5889B245D6D}.exe" | C:\Windows\{60FDD9A4-2E61-4951-83D4-A6221473DE44}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{60B53402-B2A7-443c-94D9-9A9EF433B625} | C:\Windows\{C83C4698-91C2-4a39-8475-D5889B245D6D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C546A100-6D1E-4539-95B4-7D9630D41E13} | C:\Windows\{60B53402-B2A7-443c-94D9-9A9EF433B625}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C546A100-6D1E-4539-95B4-7D9630D41E13}\stubpath = "C:\\Windows\\{C546A100-6D1E-4539-95B4-7D9630D41E13}.exe" | C:\Windows\{60B53402-B2A7-443c-94D9-9A9EF433B625}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}\stubpath = "C:\\Windows\\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}.exe" | C:\Windows\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}\stubpath = "C:\\Windows\\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}.exe" | C:\Windows\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0948C779-DDDD-4b8b-A74D-73DCF1171F57}\stubpath = "C:\\Windows\\{0948C779-DDDD-4b8b-A74D-73DCF1171F57}.exe" | C:\Windows\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F22468F8-2413-45e5-BBEF-083E79560F7C} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}\stubpath = "C:\\Windows\\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}.exe" | C:\Windows\{02C13666-E42E-4851-9D5C-A2B21AD239BF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{60FDD9A4-2E61-4951-83D4-A6221473DE44} | C:\Windows\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{60B53402-B2A7-443c-94D9-9A9EF433B625}\stubpath = "C:\\Windows\\{60B53402-B2A7-443c-94D9-9A9EF433B625}.exe" | C:\Windows\{C83C4698-91C2-4a39-8475-D5889B245D6D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{844AF8B5-67E9-4b60-B862-D0132AB79617}\stubpath = "C:\\Windows\\{844AF8B5-67E9-4b60-B862-D0132AB79617}.exe" | C:\Windows\{C546A100-6D1E-4539-95B4-7D9630D41E13}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB} | C:\Windows\{844AF8B5-67E9-4b60-B862-D0132AB79617}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0} | C:\Windows\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0948C779-DDDD-4b8b-A74D-73DCF1171F57} | C:\Windows\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F22468F8-2413-45e5-BBEF-083E79560F7C}\stubpath = "C:\\Windows\\{F22468F8-2413-45e5-BBEF-083E79560F7C}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{02C13666-E42E-4851-9D5C-A2B21AD239BF} | C:\Windows\{F22468F8-2413-45e5-BBEF-083E79560F7C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E} | C:\Windows\{02C13666-E42E-4851-9D5C-A2B21AD239BF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{844AF8B5-67E9-4b60-B862-D0132AB79617} | C:\Windows\{C546A100-6D1E-4539-95B4-7D9630D41E13}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{02C13666-E42E-4851-9D5C-A2B21AD239BF}\stubpath = "C:\\Windows\\{02C13666-E42E-4851-9D5C-A2B21AD239BF}.exe" | C:\Windows\{F22468F8-2413-45e5-BBEF-083E79560F7C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}\stubpath = "C:\\Windows\\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}.exe" | C:\Windows\{844AF8B5-67E9-4b60-B862-D0132AB79617}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1} | C:\Windows\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{F22468F8-2413-45e5-BBEF-083E79560F7C}.exe | N/A |
| N/A | N/A | C:\Windows\{02C13666-E42E-4851-9D5C-A2B21AD239BF}.exe | N/A |
| N/A | N/A | C:\Windows\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}.exe | N/A |
| N/A | N/A | C:\Windows\{60FDD9A4-2E61-4951-83D4-A6221473DE44}.exe | N/A |
| N/A | N/A | C:\Windows\{C83C4698-91C2-4a39-8475-D5889B245D6D}.exe | N/A |
| N/A | N/A | C:\Windows\{60B53402-B2A7-443c-94D9-9A9EF433B625}.exe | N/A |
| N/A | N/A | C:\Windows\{C546A100-6D1E-4539-95B4-7D9630D41E13}.exe | N/A |
| N/A | N/A | C:\Windows\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}.exe | N/A |
| N/A | N/A | C:\Windows\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}.exe | N/A |
| N/A | N/A | C:\Windows\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}.exe | N/A |
| N/A | N/A | C:\Windows\{0948C779-DDDD-4b8b-A74D-73DCF1171F57}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{60FDD9A4-2E61-4951-83D4-A6221473DE44}.exe | C:\Windows\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}.exe | N/A |
| File created | C:\Windows\{C83C4698-91C2-4a39-8475-D5889B245D6D}.exe | C:\Windows\{60FDD9A4-2E61-4951-83D4-A6221473DE44}.exe | N/A |
| File created | C:\Windows\{60B53402-B2A7-443c-94D9-9A9EF433B625}.exe | C:\Windows\{C83C4698-91C2-4a39-8475-D5889B245D6D}.exe | N/A |
| File created | C:\Windows\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}.exe | C:\Windows\{844AF8B5-67E9-4b60-B862-D0132AB79617}.exe | N/A |
| File created | C:\Windows\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}.exe | C:\Windows\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}.exe | N/A |
| File created | C:\Windows\{0948C779-DDDD-4b8b-A74D-73DCF1171F57}.exe | C:\Windows\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}.exe | N/A |
| File created | C:\Windows\{F22468F8-2413-45e5-BBEF-083E79560F7C}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe | N/A |
| File created | C:\Windows\{02C13666-E42E-4851-9D5C-A2B21AD239BF}.exe | C:\Windows\{F22468F8-2413-45e5-BBEF-083E79560F7C}.exe | N/A |
| File created | C:\Windows\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}.exe | C:\Windows\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}.exe | N/A |
| File created | C:\Windows\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}.exe | C:\Windows\{02C13666-E42E-4851-9D5C-A2B21AD239BF}.exe | N/A |
| File created | C:\Windows\{C546A100-6D1E-4539-95B4-7D9630D41E13}.exe | C:\Windows\{60B53402-B2A7-443c-94D9-9A9EF433B625}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_1f57b3b2e0426da9841dcf20c031e1cd_goldeneye.exe"
C:\Windows\{F22468F8-2413-45e5-BBEF-083E79560F7C}.exe
C:\Windows\{F22468F8-2413-45e5-BBEF-083E79560F7C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{02C13666-E42E-4851-9D5C-A2B21AD239BF}.exe
C:\Windows\{02C13666-E42E-4851-9D5C-A2B21AD239BF}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F2246~1.EXE > nul
C:\Windows\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}.exe
C:\Windows\{F01C586B-E700-4f29-AEB0-7B16E6D33D4E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{02C13~1.EXE > nul
C:\Windows\{60FDD9A4-2E61-4951-83D4-A6221473DE44}.exe
C:\Windows\{60FDD9A4-2E61-4951-83D4-A6221473DE44}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F01C5~1.EXE > nul
C:\Windows\{C83C4698-91C2-4a39-8475-D5889B245D6D}.exe
C:\Windows\{C83C4698-91C2-4a39-8475-D5889B245D6D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{60FDD~1.EXE > nul
C:\Windows\{60B53402-B2A7-443c-94D9-9A9EF433B625}.exe
C:\Windows\{60B53402-B2A7-443c-94D9-9A9EF433B625}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C83C4~1.EXE > nul
C:\Windows\{C546A100-6D1E-4539-95B4-7D9630D41E13}.exe
C:\Windows\{C546A100-6D1E-4539-95B4-7D9630D41E13}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{60B53~1.EXE > nul
C:\Windows\{844AF8B5-67E9-4b60-B862-D0132AB79617}.exe
C:\Windows\{844AF8B5-67E9-4b60-B862-D0132AB79617}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C546A~1.EXE > nul
C:\Windows\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}.exe
C:\Windows\{06E7869C-4BBC-43fe-841E-5C8ED95B37AB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{844AF~1.EXE > nul
C:\Windows\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}.exe
C:\Windows\{A705C457-6AF5-4a2a-96E1-EE7046BE98B1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{06E78~1.EXE > nul
C:\Windows\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}.exe
C:\Windows\{922BDA4D-9FD6-4214-B69A-43A6DFBB86A0}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A705C~1.EXE > nul
C:\Windows\{0948C779-DDDD-4b8b-A74D-73DCF1171F57}.exe
C:\Windows\{0948C779-DDDD-4b8b-A74D-73DCF1171F57}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{922BD~1.EXE > nul
Network
Files