Analysis Overview
SHA256
2da291a4b4ede9f5a03b2c37df6a043eed126b6c3a488c3edf8e7f086dfc1ebb
Threat Level: Known bad
The file 2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 23:28
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 23:28
Reported
2024-03-02 23:31
Platform
win7-20240221-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E} | C:\Windows\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F729A74C-CE76-42bf-8133-64095F4D1408}\stubpath = "C:\\Windows\\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe" | C:\Windows\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA} | C:\Windows\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}\stubpath = "C:\\Windows\\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe" | C:\Windows\{47FFF679-D305-4e81-921B-46B1BF473518}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{72B34DD3-3981-4fde-BF93-04F022FB8A36}\stubpath = "C:\\Windows\\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe" | C:\Windows\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}\stubpath = "C:\\Windows\\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe" | C:\Windows\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{096C2CE5-078E-4ab5-8108-63C14835295F} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F729A74C-CE76-42bf-8133-64095F4D1408} | C:\Windows\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2307504F-A577-4294-991D-2D5167107C7D} | C:\Windows\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2307504F-A577-4294-991D-2D5167107C7D}\stubpath = "C:\\Windows\\{2307504F-A577-4294-991D-2D5167107C7D}.exe" | C:\Windows\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{72B34DD3-3981-4fde-BF93-04F022FB8A36} | C:\Windows\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}\stubpath = "C:\\Windows\\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe" | C:\Windows\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D515D68B-A213-4574-8B90-6E8AC15AFA1F} | C:\Windows\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{D515D68B-A213-4574-8B90-6E8AC15AFA1F}\stubpath = "C:\\Windows\\{D515D68B-A213-4574-8B90-6E8AC15AFA1F}.exe" | C:\Windows\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{47FFF679-D305-4e81-921B-46B1BF473518}\stubpath = "C:\\Windows\\{47FFF679-D305-4e81-921B-46B1BF473518}.exe" | C:\Windows\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6} | C:\Windows\{47FFF679-D305-4e81-921B-46B1BF473518}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C27768E8-A198-413d-9656-A6E89BDEFA6C} | C:\Windows\{2307504F-A577-4294-991D-2D5167107C7D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C27768E8-A198-413d-9656-A6E89BDEFA6C}\stubpath = "C:\\Windows\\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe" | C:\Windows\{2307504F-A577-4294-991D-2D5167107C7D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E7AEEF-E853-4415-9076-31F6E421E2E3} | C:\Windows\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}\stubpath = "C:\\Windows\\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe" | C:\Windows\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{096C2CE5-078E-4ab5-8108-63C14835295F}\stubpath = "C:\\Windows\\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{47FFF679-D305-4e81-921B-46B1BF473518} | C:\Windows\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe | N/A |
| N/A | N/A | C:\Windows\{47FFF679-D305-4e81-921B-46B1BF473518}.exe | N/A |
| N/A | N/A | C:\Windows\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe | N/A |
| N/A | N/A | C:\Windows\{2307504F-A577-4294-991D-2D5167107C7D}.exe | N/A |
| N/A | N/A | C:\Windows\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe | N/A |
| N/A | N/A | C:\Windows\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe | N/A |
| N/A | N/A | C:\Windows\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe | N/A |
| N/A | N/A | C:\Windows\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe | N/A |
| N/A | N/A | C:\Windows\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe | N/A |
| N/A | N/A | C:\Windows\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe | N/A |
| N/A | N/A | C:\Windows\{D515D68B-A213-4574-8B90-6E8AC15AFA1F}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe | C:\Windows\{2307504F-A577-4294-991D-2D5167107C7D}.exe | N/A |
| File created | C:\Windows\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe | C:\Windows\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe | N/A |
| File created | C:\Windows\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe | C:\Windows\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe | N/A |
| File created | C:\Windows\{D515D68B-A213-4574-8B90-6E8AC15AFA1F}.exe | C:\Windows\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe | N/A |
| File created | C:\Windows\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe | N/A |
| File created | C:\Windows\{47FFF679-D305-4e81-921B-46B1BF473518}.exe | C:\Windows\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe | N/A |
| File created | C:\Windows\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe | C:\Windows\{47FFF679-D305-4e81-921B-46B1BF473518}.exe | N/A |
| File created | C:\Windows\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe | C:\Windows\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe | N/A |
| File created | C:\Windows\{2307504F-A577-4294-991D-2D5167107C7D}.exe | C:\Windows\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe | N/A |
| File created | C:\Windows\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe | C:\Windows\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe | N/A |
| File created | C:\Windows\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe | C:\Windows\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe"
C:\Windows\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe
C:\Windows\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{47FFF679-D305-4e81-921B-46B1BF473518}.exe
C:\Windows\{47FFF679-D305-4e81-921B-46B1BF473518}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{096C2~1.EXE > nul
C:\Windows\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe
C:\Windows\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{47FFF~1.EXE > nul
C:\Windows\{2307504F-A577-4294-991D-2D5167107C7D}.exe
C:\Windows\{2307504F-A577-4294-991D-2D5167107C7D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2DC5C~1.EXE > nul
C:\Windows\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe
C:\Windows\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{23075~1.EXE > nul
C:\Windows\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe
C:\Windows\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C2776~1.EXE > nul
C:\Windows\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe
C:\Windows\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C9E7A~1.EXE > nul
C:\Windows\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe
C:\Windows\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{72B34~1.EXE > nul
C:\Windows\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe
C:\Windows\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3BAB2~1.EXE > nul
C:\Windows\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe
C:\Windows\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F729A~1.EXE > nul
C:\Windows\{D515D68B-A213-4574-8B90-6E8AC15AFA1F}.exe
C:\Windows\{D515D68B-A213-4574-8B90-6E8AC15AFA1F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{76E4D~1.EXE > nul
Network
Files
C:\Windows\{096C2CE5-078E-4ab5-8108-63C14835295F}.exe
| MD5 | 390c55ee0511099e04793ae981379888 |
| SHA1 | 75ed6d878afa9b03ef114b89b0ccc013d02651b5 |
| SHA256 | f9d2e5d639e990bd98e05d0a5497c20d067c21f64080877a381fa4c9a398a7c5 |
| SHA512 | 96762b4d1f1239ee9b4780152fe4bfe0b45847c157ec98f0f84a9f916c430b3cdb6582b88e6e2d99126f6d077266c382b87545976203ee7195b8ca09033daeee |
C:\Windows\{47FFF679-D305-4e81-921B-46B1BF473518}.exe
| MD5 | 0b122aeba2289aa68765b8c086c26956 |
| SHA1 | 4ae982a3844b145b5291c8fb89dc68b99ee75d17 |
| SHA256 | 99e52d0c25c2e1f21cfa1cfb8c1c9a271a5ccc892a78c8378d91dd034c0c5e14 |
| SHA512 | f1295767a0b9905dd3079f26abe30d334c7f24edc99685cee0b539df6f2645328d1011dbf28d224cabc8ea02f6709bc3d98f8a3449ca405e2ea4d12f62d1aa8b |
C:\Windows\{2DC5C1B5-A4BC-4563-8E5F-11084B8A2AC6}.exe
| MD5 | 68e970621a0b1749cbfdb6a330f3a9ec |
| SHA1 | b3c3c03f2da00206fe650311f1f9c0cbc7307701 |
| SHA256 | a86a207316b09004046001584543e036149d11c650e44bd4bf88b800aff21539 |
| SHA512 | 33dc6301924ebbf5a7ad277a379cc70f16c59734e7240aa4681f3fc0ac4a481c7bc6a63bd91cdc3632ea75f0a2a3218838cc774a1ef9f2d1b54b80684f7d39bc |
C:\Windows\{2307504F-A577-4294-991D-2D5167107C7D}.exe
| MD5 | fb4ed78d30e1c05b6708f72ae907af2e |
| SHA1 | f35d3c787dcaeceb7cd5d5f84eca33389f5b22cc |
| SHA256 | 6c6104a0805c3d1161e895ac00699e22823a6789f12934c23a3ff7777835e6a4 |
| SHA512 | eab8cb6fc4ee5fd1dac8a310a72474911e660f29054ceeecdfd1c572c184fcfac4c65d7d3c1d6225afa4f42c3d9f5ff7c2b6ad66fb9aca3bef027f14e68c1c81 |
C:\Windows\{C27768E8-A198-413d-9656-A6E89BDEFA6C}.exe
| MD5 | def19c364ba04e14c7adcf121ccee287 |
| SHA1 | ce072c658498784ddf8fc7f3147d02b6290bad44 |
| SHA256 | 6554e12264aff64eaeeb35f18a520e2569b08befe01d620c13543ea79811ef1f |
| SHA512 | fe4d11585e6a0b3271ee94ddfc230d6dd942022f7ec80d4559412836487190c413a5d460f6f7caf1113b12115b860b4e6d0fed483a42d704e7ddbf22932c53d3 |
C:\Windows\{C9E7AEEF-E853-4415-9076-31F6E421E2E3}.exe
| MD5 | 262a8824af97263fcfc4ecaddd5d196e |
| SHA1 | 75a8ad134b466bad9eaaa73f1cd83339a5f894e0 |
| SHA256 | dcb64cdce056e17c43af3aa9ead868175bad4f363b4b76e2813b2cc3ba7eff2d |
| SHA512 | 5a4b083abc98eeed509044730d16d0b33310a96b4792f1d2ebcfb40aefcc10bbe44757ec7994ab48539a6fa7193d7322e11e23bca48ade6f7de12492808a9904 |
C:\Windows\{72B34DD3-3981-4fde-BF93-04F022FB8A36}.exe
| MD5 | e28bbf67be1dda490cb2ba2ab2c98a1a |
| SHA1 | 44ba096787de53d56fee869b311537ced7a7d131 |
| SHA256 | 710c96a2288a543dbb76332b796c16cf4af76d3a6779a95db4471808cc77a5c4 |
| SHA512 | ad3a249ce4f4557746f1f7a620c1a0876b8b14c705ca9c15fae2f7ebd1cfe1df96ad21dbc1637e1097244fc2107d3db0ae586c55d9840cb55ca9f4cd3338b38e |
C:\Windows\{3BAB292B-37D4-4a40-A991-BF1E66A2B64E}.exe
| MD5 | 2a2f6f4f3f464d8d48c7530ff2b50793 |
| SHA1 | 0cf16e6b9075f74b87f628fb2eb360de7ac6c63b |
| SHA256 | 37d2708b17c3472a1da270fce99fcddcc9b1013b91683ea415055ed6235d3c81 |
| SHA512 | 15da7985db99aba74ba6a4e0c6bfafc061391d2c745c3ae248f6fe68cb6af128512e20bd02c59d18958c79415775069484ddc337a790aa7820dc30d0686308e5 |
C:\Windows\{F729A74C-CE76-42bf-8133-64095F4D1408}.exe
| MD5 | 4ff33fb26b61da49e83fe406d51a8982 |
| SHA1 | 07604d582437ac09de6aeae0e1ecd156de5febfd |
| SHA256 | 614b933bd78930ae1d838fe41b6726ffc274d68cefd722f54013a3ea0670aaeb |
| SHA512 | e1a68f50daee46f9db7ee7b8bfc14268f368229c542efdec965d0a42462a1793f1c57a617caec49c0242c6a8cff42066053bed54152221c2b163cff47600d83e |
C:\Windows\{76E4DC1C-58EB-4c44-A8A1-439F6519BBDA}.exe
| MD5 | d02898c4cd0cb0e4ea21e91cf478649f |
| SHA1 | 2d375d28672be069c5e271665ae21da9018c9a55 |
| SHA256 | c4520bd43438daa2de7df765d96476e00d16d38ad7e52dcf9c240490302f9aa1 |
| SHA512 | 215a674ed280ae67036fd2bf43bd91f748ed99b76a4ec00d2b2f5b984a250ada3e2e42efbf28bdf9143a0a2ce8d7557b6e5aee1ec061969965e2dfb3deaaca8b |
C:\Windows\{D515D68B-A213-4574-8B90-6E8AC15AFA1F}.exe
| MD5 | 612b6b96bcd5a76e7acee8288e5dc76d |
| SHA1 | 9a44636d7852d5c5cf2a1234b77f701640349542 |
| SHA256 | 30b5641ae34c4063450513675a8e1422e26d1182dbcb42afef01e22d34f26304 |
| SHA512 | ca94e93d549b08e78589b692efc6716427cb19e3cea56dfb54403792b14a9a70c724f539bf8138586c77c0758975cdb3b91cab07954f88dcf30274837fcd6edb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 23:28
Reported
2024-03-02 23:31
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
125s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463} | C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{265103C9-430B-4f0a-9818-6BD7EE838406} | C:\Windows\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C} | C:\Windows\{B702087A-6271-48e1-B654-048916612255}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{61D0E909-6E6C-4dc0-9649-8352FB05D048} | C:\Windows\{A74D6168-E472-442b-AFA7-3A3270527283}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6033F77B-1201-4192-9A20-4578E4AC9D91} | C:\Windows\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}\stubpath = "C:\\Windows\\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe" | C:\Windows\{B702087A-6271-48e1-B654-048916612255}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}\stubpath = "C:\\Windows\\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe" | C:\Windows\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{61D0E909-6E6C-4dc0-9649-8352FB05D048}\stubpath = "C:\\Windows\\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe" | C:\Windows\{A74D6168-E472-442b-AFA7-3A3270527283}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}\stubpath = "C:\\Windows\\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe" | C:\Windows\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}\stubpath = "C:\\Windows\\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9CBF6982-3869-43b0-821D-45007428D1F7} | C:\Windows\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A74D6168-E472-442b-AFA7-3A3270527283}\stubpath = "C:\\Windows\\{A74D6168-E472-442b-AFA7-3A3270527283}.exe" | C:\Windows\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4230D073-77CD-453c-A048-C265E7B6C88C}\stubpath = "C:\\Windows\\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe" | C:\Windows\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B702087A-6271-48e1-B654-048916612255}\stubpath = "C:\\Windows\\{B702087A-6271-48e1-B654-048916612255}.exe" | C:\Windows\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F} | C:\Windows\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A74D6168-E472-442b-AFA7-3A3270527283} | C:\Windows\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EB9947C9-53B0-48ce-BEC3-0F6418F63653} | C:\Windows\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4230D073-77CD-453c-A048-C265E7B6C88C} | C:\Windows\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}\stubpath = "C:\\Windows\\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe" | C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6033F77B-1201-4192-9A20-4578E4AC9D91}\stubpath = "C:\\Windows\\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe" | C:\Windows\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B702087A-6271-48e1-B654-048916612255} | C:\Windows\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{265103C9-430B-4f0a-9818-6BD7EE838406}\stubpath = "C:\\Windows\\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe" | C:\Windows\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9CBF6982-3869-43b0-821D-45007428D1F7}\stubpath = "C:\\Windows\\{9CBF6982-3869-43b0-821D-45007428D1F7}.exe" | C:\Windows\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe | N/A |
| N/A | N/A | C:\Windows\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe | N/A |
| N/A | N/A | C:\Windows\{B702087A-6271-48e1-B654-048916612255}.exe | N/A |
| N/A | N/A | C:\Windows\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe | N/A |
| N/A | N/A | C:\Windows\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe | N/A |
| N/A | N/A | C:\Windows\{A74D6168-E472-442b-AFA7-3A3270527283}.exe | N/A |
| N/A | N/A | C:\Windows\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe | N/A |
| N/A | N/A | C:\Windows\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe | N/A |
| N/A | N/A | C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe | N/A |
| N/A | N/A | C:\Windows\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe | N/A |
| N/A | N/A | C:\Windows\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe | N/A |
| N/A | N/A | C:\Windows\{9CBF6982-3869-43b0-821D-45007428D1F7}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{A74D6168-E472-442b-AFA7-3A3270527283}.exe | C:\Windows\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe | N/A |
| File created | C:\Windows\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe | C:\Windows\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe | N/A |
| File created | C:\Windows\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe | C:\Windows\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe | N/A |
| File created | C:\Windows\{9CBF6982-3869-43b0-821D-45007428D1F7}.exe | C:\Windows\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe | N/A |
| File created | C:\Windows\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe | N/A |
| File created | C:\Windows\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe | C:\Windows\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe | N/A |
| File created | C:\Windows\{B702087A-6271-48e1-B654-048916612255}.exe | C:\Windows\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe | N/A |
| File created | C:\Windows\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe | C:\Windows\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe | N/A |
| File created | C:\Windows\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe | C:\Windows\{B702087A-6271-48e1-B654-048916612255}.exe | N/A |
| File created | C:\Windows\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe | C:\Windows\{A74D6168-E472-442b-AFA7-3A3270527283}.exe | N/A |
| File created | C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe | C:\Windows\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe | N/A |
| File created | C:\Windows\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe | C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_6f7eefc4dcc19cf96d504a8d70f186ec_goldeneye.exe"
C:\Windows\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe
C:\Windows\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe
C:\Windows\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A3B7F~1.EXE > nul
C:\Windows\{B702087A-6271-48e1-B654-048916612255}.exe
C:\Windows\{B702087A-6271-48e1-B654-048916612255}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6033F~1.EXE > nul
C:\Windows\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe
C:\Windows\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B7020~1.EXE > nul
C:\Windows\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe
C:\Windows\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0D459~1.EXE > nul
C:\Windows\{A74D6168-E472-442b-AFA7-3A3270527283}.exe
C:\Windows\{A74D6168-E472-442b-AFA7-3A3270527283}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{96B07~1.EXE > nul
C:\Windows\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe
C:\Windows\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A74D6~1.EXE > nul
C:\Windows\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe
C:\Windows\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{61D0E~1.EXE > nul
C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe
C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{EB994~1.EXE > nul
C:\Windows\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe
C:\Windows\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4230D~1.EXE > nul
C:\Windows\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe
C:\Windows\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FF609~1.EXE > nul
C:\Windows\{9CBF6982-3869-43b0-821D-45007428D1F7}.exe
C:\Windows\{9CBF6982-3869-43b0-821D-45007428D1F7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{26510~1.EXE > nul
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Windows\{A3B7FFF7-35E2-438d-8CD6-655C2B39A951}.exe
| MD5 | 5b9430a139ecaee61573ebe8426f5eb5 |
| SHA1 | 04ed75c542a4307bc498c60512b1ae7adba5adef |
| SHA256 | fb40a326f6845a378db2cb744f565683764f8fc35048fdca0079c2b9379b3241 |
| SHA512 | e06c8ce49678d21634d9c0131cd21d37d3765dd45aaca01040ae5b06f547dbc08d9f780ea04695f172a1735844c09d2e11434e4cb427843dadd181037486290b |
C:\Windows\{6033F77B-1201-4192-9A20-4578E4AC9D91}.exe
| MD5 | f15b33461ac9a83eed236f5b934cbe22 |
| SHA1 | 78c7ff3c060461b78f41de81336a487cf6cf0362 |
| SHA256 | e7c82ed7d0bfec120b2cc07137173f6829278b9e8c881eb62bda5c8c220c9a09 |
| SHA512 | 24e82333016f3b5f5d8edbf6c91c4782e6e6c67ad8d0c561ed1978b2faa923d6601048740bfac1fb05049c14faa57416a621d14feae07f4721c255ba7c473026 |
C:\Windows\{B702087A-6271-48e1-B654-048916612255}.exe
| MD5 | 245269caefdf73472f343bb76da7555f |
| SHA1 | c507c40d01457f68524c6618d7bbff671c54f7ab |
| SHA256 | def68294b8101d9f07f69ebf48249d07bad9236cba1e07d1a3358d242d64d164 |
| SHA512 | 18b8e0b3ad3763d4aa841d9b48748dda7c257287521159488c01bf4b4c76260043905d9bd2ccd1169adf961a992d86bb21a06a568491bae0739117c9fabdf76c |
C:\Windows\{0D459E8F-EFC5-41fc-9915-E7DFB0CBBE6C}.exe
| MD5 | 5237f6b7b6b7821e06a3edd0833d3bc2 |
| SHA1 | 11401acec1301eaf901d0f8b6bc7486cf3d2953e |
| SHA256 | af4e806a5a956bec46189c188ac230926d2aeb49063051ef5c263ebfc0c015a7 |
| SHA512 | fadcc8a9fcdd3453333d6a5442bf1a1fc76eb646420d1196b9ddfe5fc126823e942a282181e850bb2276419bd0e8f3512538fd6240d85ffa8201a696e146f98f |
C:\Windows\{96B07A12-BBB8-47c0-B2C6-504FB8EDF56F}.exe
| MD5 | 4c200c84ba34def1fe624f14731ae243 |
| SHA1 | 4830ad5d634f74b543430ef2288fe2b7b27f2693 |
| SHA256 | 75205987d26d568bca19e39b80fd67172ee932d023e46bffd1fcd09c7dbffdd4 |
| SHA512 | 0aff53eaad68eeaa56fa57cfe903cf219ac3c63d38aed0120dded0e18f63a2c4d8245b133b4d12366255c9b8ad0f593060cdd2bd89b917f846c46411e053e185 |
C:\Windows\{A74D6168-E472-442b-AFA7-3A3270527283}.exe
| MD5 | 47882488cf23c1702a8cd47c00178f9f |
| SHA1 | a403275e4be5b321aeb45309a67cb8b670690680 |
| SHA256 | 9ad99cfc1d83f99ddb0d50e9869b5c1229e772ec278f6ec6886dfe8958c6ba81 |
| SHA512 | 11fd836f4046fef617c84ac7ea9d85da87fd684e59f95f951895d85b162783b85f4415e8e2a3f4503cafdc7ddb3dd90313bcb495a9e1677b74217926e6a762a7 |
C:\Windows\{61D0E909-6E6C-4dc0-9649-8352FB05D048}.exe
| MD5 | b4758265a1bcb744da59142f4f21fb10 |
| SHA1 | d27bbef5ea913b5dbd6ae44bb21b1263f94e20e3 |
| SHA256 | 60583ddb6f0a12b0fb0e6bf17b83f700e502c88ba0fcfa15d960cff67838ff41 |
| SHA512 | 76b38b4497fbaf1f5bb419dd67c3262de6128c4a38b451d657b9f372a3f8b339997226c85a8e4817d44ed478c56549364379e12b1350e2cd1ad1b500ee49d2a9 |
C:\Windows\{EB9947C9-53B0-48ce-BEC3-0F6418F63653}.exe
| MD5 | b0ee43ceef85b06bb67e9c637f93e4b8 |
| SHA1 | f771e96685459ebf626e89960d3a99b0706c5fab |
| SHA256 | 6f588742d92ad5398bf463e75609bfd4bcbb4289e0eba1a7bda9a0eedf55dc1a |
| SHA512 | 3e4e5049b6316397bf64280e206f9701c5e7f4ae5a255ff5a191f6b9711566c421a921a67655f52519fe272f51f4be5a105b96122aa8d555aced69155b08c675 |
C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe
| MD5 | 7b3964433f61b823c378e412c551c8b7 |
| SHA1 | 7d9e3e3096c1fae79809bbdffd48886db119b503 |
| SHA256 | fe4da07fd704ff8009f65865f14c6e699b088b20fa86ad1b2d2378f3a2128620 |
| SHA512 | fd0f217ccd26211dcc2e493dc194a3f0b33186582180af7ee6e26d92e15d98c5f7ade96d6206c0db5a0685cc2b0ec9c08198ef7c5c5f21dcc48d78e4825ce768 |
C:\Windows\{4230D073-77CD-453c-A048-C265E7B6C88C}.exe
| MD5 | fe2bc60abd87b30bd3b72e7889201c15 |
| SHA1 | 82bdd91ec15f5da8dbfbf2564fb9734d72bbba76 |
| SHA256 | c3b82ac77a18271b78b50bc644b604c49ed50ebca1e74ff1be5fd78010a52aa6 |
| SHA512 | 7169fc17e3f657b121b0c93b96c83f8c11acd5e6b05c2f32f85f6c21eeb8f9694f9529b142702545a05bc82d93710818c3ec17cd1f9801eebcad9ad771535c0e |
C:\Windows\{FF60991A-0B2A-4aaa-BEE4-345B87BF6463}.exe
| MD5 | 7ce1ec0c4a3b0dac191b0e5aa2433d4b |
| SHA1 | 6e9d809458224011bee3fd854ca1105373c14d10 |
| SHA256 | 1107f4f0be773b9becd8cbbb7b1734eb942ca446ab24df43dadfc2e8c4c45fee |
| SHA512 | f501f8aec54e166d2ee83d03010f5d37da9afc3a2917e59035ff31640f166dcff75fa6fe8db13bafc9f89410cf1ddc3b8e52944a89a89220bc9e3b6f9806df02 |
C:\Windows\{265103C9-430B-4f0a-9818-6BD7EE838406}.exe
| MD5 | f34b8409633dba039481280551fd4eeb |
| SHA1 | 4828820e77b10824de4fdc502bf5df29f380c269 |
| SHA256 | 711a1363101b5e4cc4f667e3be70b2d6b6b7ca97ab0e65da8dacc488498c6e62 |
| SHA512 | cf8ac527c04a127e7b62446e1bff6f84e35bbce20a179b9d36c56215b9e6964a0c985dab47c936e60673e537dd5babe09729f868084b4f78ad10a682f3985ce8 |
C:\Windows\{9CBF6982-3869-43b0-821D-45007428D1F7}.exe
| MD5 | 4f2de4f0cf46e93a4addfdd360be57b0 |
| SHA1 | 15d3e623ff339f6c4723af02608442c10205d70b |
| SHA256 | 71430d66ad0ca9578ea99dfb54168d702bcc39821643c0ee5fc2d914cc5e1715 |
| SHA512 | f88529cd96e04185ea09d2685f3a2cd0b8f432941f12a86c23c4979bc2b6256b8f99babe006066842fcdd3ae83c3e8216861ebbd83a5ff66a885bd7de4140e64 |