Analysis Overview
SHA256
83be2346e78cbcf6e06dc63789dcbfcfb87fecabc7b49f354fb6bcee7706c54e
Threat Level: Known bad
The file 2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 23:26
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 23:26
Reported
2024-03-02 23:28
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{48AC6634-09CB-4c42-8231-45161EB43C93} | C:\Windows\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A} | C:\Windows\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}\stubpath = "C:\\Windows\\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{942501AE-0BAA-4c45-9634-2678E1D2F591}\stubpath = "C:\\Windows\\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe" | C:\Windows\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}\stubpath = "C:\\Windows\\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe" | C:\Windows\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}\stubpath = "C:\\Windows\\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe" | C:\Windows\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1} | C:\Windows\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}\stubpath = "C:\\Windows\\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe" | C:\Windows\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}\stubpath = "C:\\Windows\\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe" | C:\Windows\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}\stubpath = "C:\\Windows\\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe" | C:\Windows\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F} | C:\Windows\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{012E4200-377A-4ca9-A0EE-3774EC556C13} | C:\Windows\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3938B86B-8E67-4158-B7E5-35A2AEFD3353} | C:\Windows\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}\stubpath = "C:\\Windows\\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe" | C:\Windows\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5D503DA1-8AC0-4bd5-83CE-51E93B005214} | C:\Windows\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620} | C:\Windows\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}\stubpath = "C:\\Windows\\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe" | C:\Windows\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{012E4200-377A-4ca9-A0EE-3774EC556C13}\stubpath = "C:\\Windows\\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe" | C:\Windows\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C5214514-921A-45d5-8C4E-F59F1ADCEF94} | C:\Windows\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6CD1A58F-F41F-440a-BF39-7FA11B2BACD8} | C:\Windows\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{942501AE-0BAA-4c45-9634-2678E1D2F591} | C:\Windows\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{48AC6634-09CB-4c42-8231-45161EB43C93}\stubpath = "C:\\Windows\\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe" | C:\Windows\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6CD1A58F-F41F-440a-BF39-7FA11B2BACD8}\stubpath = "C:\\Windows\\{6CD1A58F-F41F-440a-BF39-7FA11B2BACD8}.exe" | C:\Windows\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe | N/A |
| N/A | N/A | C:\Windows\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe | N/A |
| N/A | N/A | C:\Windows\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe | N/A |
| N/A | N/A | C:\Windows\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe | N/A |
| N/A | N/A | C:\Windows\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe | N/A |
| N/A | N/A | C:\Windows\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe | N/A |
| N/A | N/A | C:\Windows\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe | N/A |
| N/A | N/A | C:\Windows\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe | N/A |
| N/A | N/A | C:\Windows\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe | N/A |
| N/A | N/A | C:\Windows\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe | N/A |
| N/A | N/A | C:\Windows\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe | N/A |
| N/A | N/A | C:\Windows\{6CD1A58F-F41F-440a-BF39-7FA11B2BACD8}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe | C:\Windows\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe | N/A |
| File created | C:\Windows\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe | C:\Windows\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe | N/A |
| File created | C:\Windows\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe | C:\Windows\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe | N/A |
| File created | C:\Windows\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe | C:\Windows\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe | N/A |
| File created | C:\Windows\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe | C:\Windows\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe | N/A |
| File created | C:\Windows\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe | C:\Windows\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe | N/A |
| File created | C:\Windows\{6CD1A58F-F41F-440a-BF39-7FA11B2BACD8}.exe | C:\Windows\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe | N/A |
| File created | C:\Windows\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe | C:\Windows\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe | N/A |
| File created | C:\Windows\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe | C:\Windows\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe | N/A |
| File created | C:\Windows\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe | C:\Windows\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe | N/A |
| File created | C:\Windows\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe | C:\Windows\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe | N/A |
| File created | C:\Windows\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe" |
| C:\Windows\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe | C:\Windows\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe | C:\Windows\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3A05F~1.EXE > nul |
| C:\Windows\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe | C:\Windows\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{94250~1.EXE > nul |
| C:\Windows\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe | C:\Windows\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{5D503~1.EXE > nul |
| C:\Windows\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe | C:\Windows\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{00EA8~1.EXE > nul |
| C:\Windows\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe | C:\Windows\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{EFBC2~1.EXE > nul |
| C:\Windows\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe | C:\Windows\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0D106~1.EXE > nul |
| C:\Windows\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe | C:\Windows\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{012E4~1.EXE > nul |
| C:\Windows\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe | C:\Windows\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3938B~1.EXE > nul |
| C:\Windows\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe | C:\Windows\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{C5214~1.EXE > nul |
| C:\Windows\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe | C:\Windows\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{48AC6~1.EXE > nul |
| C:\Windows\{6CD1A58F-F41F-440a-BF39-7FA11B2BACD8}.exe | C:\Windows\{6CD1A58F-F41F-440a-BF39-7FA11B2BACD8}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A64C0~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Windows\{3A05F7C6-C953-431e-B7A7-6DC7F3FBEF4F}.exe
| MD5 | 198febf251224eb28b0970eb21298975 |
| SHA1 | e0d8e19b391b5ed36a114ad40cde5ca41be3fb50 |
| SHA256 | 14a07055af3ca602890e6b30f774a4efb677958fe2407b8fc896418eebc8fc21 |
| SHA512 | ef8c8bba5e8337d11cd0f62b25e8ae6b2f39ae18c1bf03e64d4c2debdc62854309ba968bfb6ece30de8d36ffa11ae67eb1cc5d265c97b6a8f20b1e9a0d6c3f27 |
C:\Windows\{942501AE-0BAA-4c45-9634-2678E1D2F591}.exe
| MD5 | ac7807210ebf65c04a2a254ecc75442b |
| SHA1 | ddbd43be62767d5a51cbf529d0c5e84447b291ec |
| SHA256 | 39f0507d72772eae2fa4af78d65df2f22ee982ae5702d8e9b49a35eeb8954611 |
| SHA512 | 06fde4208de4169da547ac9d94c2621175e48fc9d1a44fc2ad2f2a636e0b08553e21ec0b5b7613cc829d375beaa2ae8f72aaabe2f23f8ef3a5f6c1eda0453f93 |
C:\Windows\{5D503DA1-8AC0-4bd5-83CE-51E93B005214}.exe
| MD5 | 73bb5e6a308670c48389eb7f94682a91 |
| SHA1 | f425ab4b8b3e7a6b40d8672c40d659f0959cfc29 |
| SHA256 | 2f3342348571c78dbe1f82867e3377a9153f0697b04f80c30998d02f8ce4e2f7 |
| SHA512 | 4bf374a5d2702ff0757f8cfd09f94c6274193769bc3f80b1d2af8e7bd7bb405569eed6663f102f03fa3cb68575150b3a77023fb9bcd22ac636a5a38b794adbe3 |
C:\Windows\{00EA8D32-3B4F-4d3b-A739-6C264F7B3620}.exe
| MD5 | fee60521dc4b11749f91e22c8dcb08b6 |
| SHA1 | 74262b4edb52cc451239a8a7202f2997d5d747db |
| SHA256 | 03ddd1a373aab1dd355db40c9bf9b310d4d3df47dc218561970855097a346936 |
| SHA512 | 98565ce06af29ed0808dfaf20fb3b731d6e72619ba95b953a4465f72cf002e9b61fa8e8b594d11b0a325f2343ce66f3059384ef890e190c13baf8ec0b1274f4f |
C:\Windows\{EFBC2E0F-BCE5-4a5a-BA6A-B65465A1560F}.exe
| MD5 | 8deace27e43709f20b6bb4c9f0a3f1a9 |
| SHA1 | 8707b15388eb2fb8febb8556cb56d9d9c464c3f1 |
| SHA256 | 68e8132084e03d71c33fe6c6d879e0e4db894f4ba2934527075a858a430cad89 |
| SHA512 | 2d188379bee7e5dadd1bedc87e1682c0bd1e3078075e9a2367bae447344fa5a44c069f672ec82504efce70468313c4bbd53946495079e3476c841167736df5a1 |
C:\Windows\{0D1065CF-CF7D-4d44-8073-CDC330DD65E1}.exe
| MD5 | 67264a21e134e86a2c5ffda1ad6ebd27 |
| SHA1 | 4483701871c697f799135fb42c96de100be55227 |
| SHA256 | a2495adfce5d8b8f998577d72a232d6f4671c8b1f7fdae9f3363307456295ca9 |
| SHA512 | 4acb2f234d68cc125108d80f839d62058aba6e948fcce8bcc477423d70a6f7c834d918570ad748c62650c6eb4068bfb4f4412ea41727a0e01d54bec42ee67936 |
C:\Windows\{012E4200-377A-4ca9-A0EE-3774EC556C13}.exe
| MD5 | b8b63b5a62294310344dcdb4bcd1e33a |
| SHA1 | 202f02e83374f26bde69a15e81259895298d50f8 |
| SHA256 | 95fd08f84d14b5c497701fe142c57cd7930ce5eda4fd9a062ebc1a7656504119 |
| SHA512 | eef33a46b42bda0a34dc2c5b5d4e121352cd2e44dca551b8a77afd9e76279dd9e810cf7b6514b6bd1a7b6499817fca45856d1e6ba83eb47683351a38f639e57a |
C:\Windows\{3938B86B-8E67-4158-B7E5-35A2AEFD3353}.exe
| MD5 | 8e504ce48905caeed6a279804dff2688 |
| SHA1 | 53a0764afbe8a44050bf2e6b3071ea40b1f6c1ad |
| SHA256 | 786567f5a2c51cd2d35acb88d956c7aa0a21b490e0d90e4cefe2366c101e72d0 |
| SHA512 | 6db68bd43d9d4d11b161843c03152db8dccc4bbc5b6c5ae0ead1338bac3cc861b6d9897f36ec4f112f8a94c3d1534ff8b4bf824a95a15e6b5d70141c8f2d5363 |
C:\Windows\{C5214514-921A-45d5-8C4E-F59F1ADCEF94}.exe
| MD5 | fb7b620f79c468a34d0c7b91db14aa72 |
| SHA1 | 742918ee98460593e14eec684e005c77f1570f81 |
| SHA256 | 02375b2a9f24892a5d6f5298c0732648d46db438d18e0451cd491d4e1f0b80e2 |
| SHA512 | 830cb7a0a79938449a6e317446bda6d54527f876131c4eee9c9e165e4cd11cc61c7d8524e6d9b90b8170d49590f32df4db8dad1f5868d21e6b221efda745b911 |
C:\Windows\{48AC6634-09CB-4c42-8231-45161EB43C93}.exe
| MD5 | ecedc3b4c5153c7965237ab854bba6fd |
| SHA1 | 17866a0466de1fcfca472befd2cfb8dd5860369b |
| SHA256 | 43353767b3a15da46e75f48bd40cbaee5ef2e53a665bb3cf4a1959f620a8f567 |
| SHA512 | 0b0bfcbfede5cd3e136a43495ac1555555c8f695fd6fca73f94da7f76a95c139ed4d21818581a2529644d7e03ccaae1c8955687fe20cea65309b3c29c7b66e11 |
C:\Windows\{A64C03B1-6DE4-4608-96C3-0F0AB3690F1A}.exe
| MD5 | bbd06334bd63077832864c832ba542d5 |
| SHA1 | 2184e32b2cd2869c57ef0beca63730d62134e131 |
| SHA256 | 4285f4d9056750ea56eebd29ec6d4fc57313083d357fdd635e4258d6b34d4632 |
| SHA512 | 72533bf1c2696906b6a4d13b91eb86c7b22bb5ad49620e9be63c6d1118603cdb0d24d635432b83890a66bcefcbcc0970714b996d9fe815ee243c6e8ec1f21039 |
C:\Windows\{6CD1A58F-F41F-440a-BF39-7FA11B2BACD8}.exe
| MD5 | 53cb58fa5196be9009d7090f9b2f0578 |
| SHA1 | 094871a00a4eb1f98eff9544b373723731e7bbda |
| SHA256 | f9bbeef5c8646fab207d2c7c3934a040b7358dae035d93daadaea594c285783a |
| SHA512 | 0c98825ee38989c3e7b5fdc99b04e747dd6ac1cf1eeb0fa5fa05ed407a7e0b3cbe489d61e2ffa2c351bc2557c9372a08be04b2fc8d375c26b024e7c94c32c51c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 23:26
Reported
2024-03-02 23:28
Platform
win7-20240221-en
Max time kernel
144s
Max time network
126s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}\stubpath = "C:\\Windows\\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe" | C:\Windows\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8D0518C9-C498-4069-AEB3-707DE9566E4C} | C:\Windows\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6} | C:\Windows\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159} | C:\Windows\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B} | C:\Windows\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{754F45FB-7D04-4bf9-A437-2C5387617E6A} | C:\Windows\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{754F45FB-7D04-4bf9-A437-2C5387617E6A}\stubpath = "C:\\Windows\\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe" | C:\Windows\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}\stubpath = "C:\\Windows\\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe" | C:\Windows\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D066109B-3839-4e70-AE65-57F51B4909EA}\stubpath = "C:\\Windows\\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe" | C:\Windows\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA} | C:\Windows\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45545256-78E1-4cec-8C7F-EE66914D6709}\stubpath = "C:\\Windows\\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1F1D5380-4249-4d9b-84B3-099DE7E080CD} | C:\Windows\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}\stubpath = "C:\\Windows\\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe" | C:\Windows\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}\stubpath = "C:\\Windows\\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe" | C:\Windows\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54} | C:\Windows\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA1EFDAA-C6B8-4cb2-B94D-8B2E0DB482E2} | C:\Windows\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA1EFDAA-C6B8-4cb2-B94D-8B2E0DB482E2}\stubpath = "C:\\Windows\\{FA1EFDAA-C6B8-4cb2-B94D-8B2E0DB482E2}.exe" | C:\Windows\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D066109B-3839-4e70-AE65-57F51B4909EA} | C:\Windows\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8D0518C9-C498-4069-AEB3-707DE9566E4C}\stubpath = "C:\\Windows\\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe" | C:\Windows\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}\stubpath = "C:\\Windows\\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe" | C:\Windows\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45545256-78E1-4cec-8C7F-EE66914D6709} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}\stubpath = "C:\\Windows\\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe" | C:\Windows\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe | N/A |
| N/A | N/A | C:\Windows\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe | N/A |
| N/A | N/A | C:\Windows\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe | N/A |
| N/A | N/A | C:\Windows\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe | N/A |
| N/A | N/A | C:\Windows\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe | N/A |
| N/A | N/A | C:\Windows\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe | N/A |
| N/A | N/A | C:\Windows\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe | N/A |
| N/A | N/A | C:\Windows\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe | N/A |
| N/A | N/A | C:\Windows\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe | N/A |
| N/A | N/A | C:\Windows\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe | N/A |
| N/A | N/A | C:\Windows\{FA1EFDAA-C6B8-4cb2-B94D-8B2E0DB482E2}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe | C:\Windows\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe | N/A |
| File created | C:\Windows\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe | C:\Windows\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe | N/A |
| File created | C:\Windows\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe | N/A |
| File created | C:\Windows\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe | C:\Windows\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe | N/A |
| File created | C:\Windows\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe | C:\Windows\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe | N/A |
| File created | C:\Windows\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe | C:\Windows\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe | N/A |
| File created | C:\Windows\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe | C:\Windows\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe | N/A |
| File created | C:\Windows\{FA1EFDAA-C6B8-4cb2-B94D-8B2E0DB482E2}.exe | C:\Windows\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe | N/A |
| File created | C:\Windows\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe | C:\Windows\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe | N/A |
| File created | C:\Windows\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe | C:\Windows\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe | N/A |
| File created | C:\Windows\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe | C:\Windows\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-03-02_5264be32e86275d2fbdda6a68bc09148_goldeneye.exe" |
| C:\Windows\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe | C:\Windows\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe | C:\Windows\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{45545~1.EXE > nul |
| C:\Windows\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe | C:\Windows\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1F1D5~1.EXE > nul |
| C:\Windows\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe | C:\Windows\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{0EBBC~1.EXE > nul |
| C:\Windows\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe | C:\Windows\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{754F4~1.EXE > nul |
| C:\Windows\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe | C:\Windows\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{7702B~1.EXE > nul |
| C:\Windows\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe | C:\Windows\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D0661~1.EXE > nul |
| C:\Windows\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe | C:\Windows\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A7C6F~1.EXE > nul |
| C:\Windows\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe | C:\Windows\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8D051~1.EXE > nul |
| C:\Windows\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe | C:\Windows\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{B1708~1.EXE > nul |
| C:\Windows\{FA1EFDAA-C6B8-4cb2-B94D-8B2E0DB482E2}.exe | C:\Windows\{FA1EFDAA-C6B8-4cb2-B94D-8B2E0DB482E2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E3CA6~1.EXE > nul |
Network
Files
C:\Windows\{45545256-78E1-4cec-8C7F-EE66914D6709}.exe
| MD5 | d7ccccc35a9d71e61b8399f11bcd901e |
| SHA1 | a7ae1225c316ae772fed6e92aaff5e795295c22d |
| SHA256 | 9c3010aef39f5e8e5176c7bdf383d2ac0461f9a70287c72d3dd6aad5f2d89333 |
| SHA512 | 08468f65e8262e9becd29f35b62995fbca36f80790919acf933c201d341e0ee07fbcf12b041eb3d397ee3b01185c5dc48633c70cea03cb54ba944db5ec15dccc |
C:\Windows\{1F1D5380-4249-4d9b-84B3-099DE7E080CD}.exe
| MD5 | 05f98110f48164aeeff06f3477efc596 |
| SHA1 | 77c32c85d6fa432dd46cdc4e0373d4cc52a5112f |
| SHA256 | 4e2b108fe4815dd357d50e04803fdacaf1724739fd3d0139ab4b89484694b9b0 |
| SHA512 | 172f8bb8e0ff250f0cd05a117559ee767f277034126ecc54de6d6b3365e19782136bdbd09785ff2d7cddbffbb0cde29a759852c9677a950e5c142946820d049c |
C:\Windows\{0EBBCC06-31D6-4575-B558-D4C8DC62A4B6}.exe
| MD5 | 0cb7faf44fd1e224eecfa72981397be6 |
| SHA1 | c60124666fe6dc7ab51b926b72fc5adc2d3c9b50 |
| SHA256 | 28857e1c689c77b07bb49ab0365fe4b6916c31d9db047405c93b87c7f3a8a409 |
| SHA512 | db6e85571ba9564f2454ef7b2dc6236ff35e5cef45851fe9b489f53ba72090a3d49966bed8737fec747ecbea26dda98d06e3d721fa35f92b59335dc1dcafce48 |
C:\Windows\{754F45FB-7D04-4bf9-A437-2C5387617E6A}.exe
| MD5 | d3be2b51f2ab92d124926aad488c168c |
| SHA1 | 89c8f66de553e7631a0315d41b7327b955154b2b |
| SHA256 | 002a30cc81b0a763da791a114e3dd3f893c825c2aed2e98188b7900c7b9c902a |
| SHA512 | b0586ad1e3876d93cfd8b3ffe522794d63bf619bbc1c8afa9d6af3daf4a5af0631057d53162b6e35e2fc4cb19aa29b6b6a9b2ea3aa0586ef8801338b674aa50e |
C:\Windows\{7702B487-E2AF-4aa1-8B17-1B2C4FFCE159}.exe
| MD5 | 907f40b6a894bd0106532fa6c96bbbe0 |
| SHA1 | 6f59c01e62c5516fd0a0640f4b3cbf19ee020c91 |
| SHA256 | 54bf8e767fe59a50fbd41abc35dbc2afb6f39e9ccaaaaa0697e005aa935dd6e6 |
| SHA512 | 7488bfa26c4dc073f4cc594b65efab747555f186355950e041bd0fbfd5c3001206cc6f462df647067aa528847ea2d87db79cbd3e96234bb319533bf61da8eab0 |
C:\Windows\{D066109B-3839-4e70-AE65-57F51B4909EA}.exe
| MD5 | 255d063443e28979bbf79e15df2cd98f |
| SHA1 | f8fd35f0c65d910820868996cd228fe7d058a1ab |
| SHA256 | 4c1925f4bb9f7d226d745c84b7de464a2c25add9fe23366443ae6f40234f67e4 |
| SHA512 | 066b290dd3ca1ae8cb3e7d40094051321aa1d6decf43b174e9c792c0032169d31fddf844841de3e4214d0f56166987adf7e711bb7e41895e4fa827d34bc63609 |
C:\Windows\{A7C6F47F-0590-47d1-AF5E-40FB21CACD2B}.exe
| MD5 | 7fbf8053c02d832980fc65f9ccf5e6d7 |
| SHA1 | da223729b4e777b10ca5141e7f887f5580bd5d48 |
| SHA256 | 658677cb75b3e90b658e056d9becd7d47f2c2faca7914c38935592731b11235b |
| SHA512 | 309467f994d3360ad3bce3c5d0b9ac84b3a108bfb09ee2d3c9f1f7f17744f89a40b3100ea67e4b91291e0317378d344b4c4502fe28a54092d98e8b4fb86310f2 |
C:\Windows\{8D0518C9-C498-4069-AEB3-707DE9566E4C}.exe
| MD5 | be08561e998ca9fe6f9a4cf777c905e9 |
| SHA1 | 7ba05a9d361bc986f4bd4198aec008a9ea3ee333 |
| SHA256 | 7d5738259ed07aa77514d029b4b82050446c39dff5528df738d81a9c238ccc43 |
| SHA512 | 8554393f5ed41db56335a90c64b26e8c6836423826224e4bb64369c7dcadd14e445657027304a49fc15621994b274dcfab3929dbc0a7811b3468b2532e0cab61 |
C:\Windows\{B1708D3D-B8A9-497e-82E3-32E7414F1FCA}.exe
| MD5 | c2498f5f2a9e7734fdf0e74c7ef25079 |
| SHA1 | 4b45c5e97ee9630241eb465d06392c01d8a2a156 |
| SHA256 | 0738f91bf24b56dd57246b755fb52b7e71f06e4017737dd3d0e20ebf71029428 |
| SHA512 | e187a3d9acd3e65ba275265f558b6ddf9180c7a6858322affc7b166c42af0bc8c1986cdb92ead6be2a3a570075b5e45af2d09febc9ce045d5df7d060feabee8c |
C:\Windows\{E3CA65F8-37FF-4e7e-9994-D58927B5DF54}.exe
| MD5 | eac2eff686ba1c7a41db696aa6de0376 |
| SHA1 | 2a3027690e2cb1b18222785e4a64070f69789ae8 |
| SHA256 | 21267c7a674f891aa5815051e6278b5999a3ee3b163b6bfd66855446105e17cd |
| SHA512 | f7ea42a90ddd0f343d161209ac1e5be9d7dbc1c0bf98a4393d2c326d16ca2cc2b51bbc3f76c31c8e0e4d82f050f83620f911b38b4bb1ae87cb129f3653974ea0 |
C:\Windows\{FA1EFDAA-C6B8-4cb2-B94D-8B2E0DB482E2}.exe
| MD5 | 72d2073bf625dbcbfa5d11aedbcf3c5f |
| SHA1 | 9d4744b2adb1fad1601b496625fc689a9cde356b |
| SHA256 | 0bb310248486906a90d1d51815d3dbb9dae7458c59ea4532c03b6d71e7b48ea2 |
| SHA512 | 9de8ae962a11412f38f66e7449b734208cab0132aa1c71f44c9305a78cc1c9ce3513cbbeb00dbcab798bc9c6330549a1852b29a977cb8e0a1bbd307ea9e67192 |