Analysis Overview
SHA256
620766325486b4b603153ed34ab08978e3da9627f47f0b56623d4ef551b23671
Threat Level: Known bad
The file 2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 23:27
Signatures
Auto-generated rule
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 23:27
Reported
2024-03-02 23:30
Platform
win7-20240215-en
Max time kernel
144s
Max time network
119s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0FE45463-3B10-498a-85C2-E94266581A59} | C:\Windows\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6} | C:\Windows\{0FE45463-3B10-498a-85C2-E94266581A59}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}\stubpath = "C:\\Windows\\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe" | C:\Windows\{0FE45463-3B10-498a-85C2-E94266581A59}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2} | C:\Windows\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C3799C4-2489-4948-A95C-CF8AFB117F51} | C:\Windows\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{407A3AE2-0B21-43b7-9A61-B748D5619F08}\stubpath = "C:\\Windows\\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe" | C:\Windows\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161} | C:\Windows\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8249BCF6-A546-4459-A6A5-CF77F0495C2B} | C:\Windows\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9E279C3D-B64F-498a-A24C-CD6F6F76EE16} | C:\Windows\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9E279C3D-B64F-498a-A24C-CD6F6F76EE16}\stubpath = "C:\\Windows\\{9E279C3D-B64F-498a-A24C-CD6F6F76EE16}.exe" | C:\Windows\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}\stubpath = "C:\\Windows\\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{407A3AE2-0B21-43b7-9A61-B748D5619F08} | C:\Windows\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5} | C:\Windows\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}\stubpath = "C:\\Windows\\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe" | C:\Windows\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}\stubpath = "C:\\Windows\\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe" | C:\Windows\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0FE45463-3B10-498a-85C2-E94266581A59}\stubpath = "C:\\Windows\\{0FE45463-3B10-498a-85C2-E94266581A59}.exe" | C:\Windows\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}\stubpath = "C:\\Windows\\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe" | C:\Windows\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}\stubpath = "C:\\Windows\\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe" | C:\Windows\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BAA3AC43-A49C-490d-8B96-E30880475306} | C:\Windows\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{BAA3AC43-A49C-490d-8B96-E30880475306}\stubpath = "C:\\Windows\\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe" | C:\Windows\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C3799C4-2489-4948-A95C-CF8AFB117F51}\stubpath = "C:\\Windows\\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe" | C:\Windows\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe | N/A |
| N/A | N/A | C:\Windows\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe | N/A |
| N/A | N/A | C:\Windows\{0FE45463-3B10-498a-85C2-E94266581A59}.exe | N/A |
| N/A | N/A | C:\Windows\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe | N/A |
| N/A | N/A | C:\Windows\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe | N/A |
| N/A | N/A | C:\Windows\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe | N/A |
| N/A | N/A | C:\Windows\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe | N/A |
| N/A | N/A | C:\Windows\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe | N/A |
| N/A | N/A | C:\Windows\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe | N/A |
| N/A | N/A | C:\Windows\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe | N/A |
| N/A | N/A | C:\Windows\{9E279C3D-B64F-498a-A24C-CD6F6F76EE16}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe | C:\Windows\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe | N/A |
| File created | C:\Windows\{0FE45463-3B10-498a-85C2-E94266581A59}.exe | C:\Windows\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe | N/A |
| File created | C:\Windows\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe | C:\Windows\{0FE45463-3B10-498a-85C2-E94266581A59}.exe | N/A |
| File created | C:\Windows\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe | C:\Windows\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe | N/A |
| File created | C:\Windows\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe | C:\Windows\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe | N/A |
| File created | C:\Windows\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe | C:\Windows\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe | N/A |
| File created | C:\Windows\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe | N/A |
| File created | C:\Windows\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe | C:\Windows\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe | N/A |
| File created | C:\Windows\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe | C:\Windows\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe | N/A |
| File created | C:\Windows\{9E279C3D-B64F-498a-A24C-CD6F6F76EE16}.exe | C:\Windows\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe | N/A |
| File created | C:\Windows\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe | C:\Windows\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe"
C:\Windows\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe
C:\Windows\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe
C:\Windows\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{45B6E~1.EXE > nul
C:\Windows\{0FE45463-3B10-498a-85C2-E94266581A59}.exe
C:\Windows\{0FE45463-3B10-498a-85C2-E94266581A59}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{407A3~1.EXE > nul
C:\Windows\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe
C:\Windows\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0FE45~1.EXE > nul
C:\Windows\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe
C:\Windows\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{75BB0~1.EXE > nul
C:\Windows\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe
C:\Windows\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EFCF6~1.EXE > nul
C:\Windows\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe
C:\Windows\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EA1E6~1.EXE > nul
C:\Windows\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe
C:\Windows\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{BAA3A~1.EXE > nul
C:\Windows\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe
C:\Windows\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4D189~1.EXE > nul
C:\Windows\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe
C:\Windows\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7C379~1.EXE > nul
C:\Windows\{9E279C3D-B64F-498a-A24C-CD6F6F76EE16}.exe
C:\Windows\{9E279C3D-B64F-498a-A24C-CD6F6F76EE16}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{8249B~1.EXE > nul
Network
Files
C:\Windows\{45B6E455-FAED-46ac-AC9F-0AEF0E2F09A6}.exe
C:\Windows\{407A3AE2-0B21-43b7-9A61-B748D5619F08}.exe
C:\Windows\{0FE45463-3B10-498a-85C2-E94266581A59}.exe
C:\Windows\{75BB0762-CCBC-4ae0-A605-FFDCD30C45A6}.exe
C:\Windows\{EFCF6994-F7B1-461b-9BFF-A3C4935932C5}.exe
C:\Windows\{EA1E627F-18E7-4d4f-BD06-E197EC6804B2}.exe
C:\Windows\{BAA3AC43-A49C-490d-8B96-E30880475306}.exe
C:\Windows\{4D1890CF-B3E9-44fc-AAD7-7888E98BB161}.exe
C:\Windows\{7C3799C4-2489-4948-A95C-CF8AFB117F51}.exe
C:\Windows\{8249BCF6-A546-4459-A6A5-CF77F0495C2B}.exe
C:\Windows\{9E279C3D-B64F-498a-A24C-CD6F6F76EE16}.exe
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 23:27
Reported
2024-03-02 23:30
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Auto-generated rule
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}\stubpath = "C:\\Windows\\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe" | C:\Windows\{B17A416D-A83C-4226-BD76-03C874EED344}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}\stubpath = "C:\\Windows\\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe" | C:\Windows\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CCD77BBF-E7DB-49b6-8174-839B8225FABB} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}\stubpath = "C:\\Windows\\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B17A416D-A83C-4226-BD76-03C874EED344}\stubpath = "C:\\Windows\\{B17A416D-A83C-4226-BD76-03C874EED344}.exe" | C:\Windows\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}\stubpath = "C:\\Windows\\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe" | C:\Windows\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49} | C:\Windows\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F1A754E4-E0CD-4a63-8965-AEF17971FB57} | C:\Windows\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}\stubpath = "C:\\Windows\\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe" | C:\Windows\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC2EB825-DCB5-4f93-AE85-DE25677523EA} | C:\Windows\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{558D66EA-34A4-426e-A7BB-6E728C6A0712}\stubpath = "C:\\Windows\\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe" | C:\Windows\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EFC84F65-B632-4c1a-96B7-E1E529832E55}\stubpath = "C:\\Windows\\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe" | C:\Windows\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}\stubpath = "C:\\Windows\\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe" | C:\Windows\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8BC51157-FFCF-4d66-BC27-65D38F1AF43A} | C:\Windows\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2} | C:\Windows\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8BC51157-FFCF-4d66-BC27-65D38F1AF43A}\stubpath = "C:\\Windows\\{8BC51157-FFCF-4d66-BC27-65D38F1AF43A}.exe" | C:\Windows\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{558D66EA-34A4-426e-A7BB-6E728C6A0712} | C:\Windows\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EFC84F65-B632-4c1a-96B7-E1E529832E55} | C:\Windows\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B} | C:\Windows\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}\stubpath = "C:\\Windows\\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe" | C:\Windows\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}\stubpath = "C:\\Windows\\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe" | C:\Windows\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B17A416D-A83C-4226-BD76-03C874EED344} | C:\Windows\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9} | C:\Windows\{B17A416D-A83C-4226-BD76-03C874EED344}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD} | C:\Windows\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe | N/A |
| N/A | N/A | C:\Windows\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe | N/A |
| N/A | N/A | C:\Windows\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe | N/A |
| N/A | N/A | C:\Windows\{B17A416D-A83C-4226-BD76-03C874EED344}.exe | N/A |
| N/A | N/A | C:\Windows\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe | N/A |
| N/A | N/A | C:\Windows\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe | N/A |
| N/A | N/A | C:\Windows\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe | N/A |
| N/A | N/A | C:\Windows\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe | N/A |
| N/A | N/A | C:\Windows\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe | N/A |
| N/A | N/A | C:\Windows\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe | N/A |
| N/A | N/A | C:\Windows\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe | C:\Windows\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe | N/A |
| File created | C:\Windows\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe | C:\Windows\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe | N/A |
| File created | C:\Windows\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe | C:\Windows\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe | N/A |
| File created | C:\Windows\{B17A416D-A83C-4226-BD76-03C874EED344}.exe | C:\Windows\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe | N/A |
| File created | C:\Windows\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe | C:\Windows\{B17A416D-A83C-4226-BD76-03C874EED344}.exe | N/A |
| File created | C:\Windows\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe | C:\Windows\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe | N/A |
| File created | C:\Windows\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe | C:\Windows\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe | N/A |
| File created | C:\Windows\{8BC51157-FFCF-4d66-BC27-65D38F1AF43A}.exe | C:\Windows\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe | N/A |
| File created | C:\Windows\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe | N/A |
| File created | C:\Windows\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe | C:\Windows\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe | N/A |
| File created | C:\Windows\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe | C:\Windows\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe | N/A |
| File created | C:\Windows\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe | C:\Windows\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_60519da15958b25e42df8453c8d8608d_goldeneye.exe"
C:\Windows\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe
C:\Windows\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe
C:\Windows\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CCD77~1.EXE > nul
C:\Windows\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe
C:\Windows\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{558D6~1.EXE > nul
C:\Windows\{B17A416D-A83C-4226-BD76-03C874EED344}.exe
C:\Windows\{B17A416D-A83C-4226-BD76-03C874EED344}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EFC84~1.EXE > nul
C:\Windows\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe
C:\Windows\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B17A4~1.EXE > nul
C:\Windows\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe
C:\Windows\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{729AD~1.EXE > nul
C:\Windows\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe
C:\Windows\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{06ADE~1.EXE > nul
C:\Windows\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe
C:\Windows\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{50959~1.EXE > nul
C:\Windows\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe
C:\Windows\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{77CB8~1.EXE > nul
C:\Windows\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe
C:\Windows\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3DCD6~1.EXE > nul
C:\Windows\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe
C:\Windows\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F1A75~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
Files
C:\Windows\{CCD77BBF-E7DB-49b6-8174-839B8225FABB}.exe
C:\Windows\{558D66EA-34A4-426e-A7BB-6E728C6A0712}.exe
C:\Windows\{EFC84F65-B632-4c1a-96B7-E1E529832E55}.exe
C:\Windows\{B17A416D-A83C-4226-BD76-03C874EED344}.exe
C:\Windows\{729AD2D4-5B03-4c9a-BE05-7D72620D03E9}.exe
C:\Windows\{06ADE9DB-E4B5-443d-8186-F20B9B77C05B}.exe
C:\Windows\{509598AB-4B3F-4e15-98CC-3A3C07E6D1DD}.exe
C:\Windows\{77CB8FBD-1CFD-498a-AA1E-485ED95732A2}.exe
C:\Windows\{3DCD6A6F-9AD3-40b9-A55B-25B232A46B49}.exe
C:\Windows\{F1A754E4-E0CD-4a63-8965-AEF17971FB57}.exe
C:\Windows\{CC2EB825-DCB5-4f93-AE85-DE25677523EA}.exe