Analysis Overview
SHA256
e48951fb1eb66395f19027038718abafe06697d96adda70534ba15c0cc7ac7a8
Threat Level: Known bad
The file 2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 23:29
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 23:29
Reported
2024-03-02 23:32
Platform
win7-20240221-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}\stubpath = "C:\\Windows\\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe" | C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{82F7A9F5-36CD-494b-BC04-87214242FD5C} | C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}\stubpath = "C:\\Windows\\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe" | C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}\stubpath = "C:\\Windows\\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe" | C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E99C201A-19EC-4844-86F1-0BECA5B9BC23} | C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE} | C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA6CC007-05F2-45ea-B99D-B62A183E437E}\stubpath = "C:\\Windows\\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe" | C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{284D26C3-C78E-45bf-8836-211245AD58FD}\stubpath = "C:\\Windows\\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe" | C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}\stubpath = "C:\\Windows\\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD} | C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{82F7A9F5-36CD-494b-BC04-87214242FD5C}\stubpath = "C:\\Windows\\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe" | C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC} | C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}\stubpath = "C:\\Windows\\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe" | C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FA6CC007-05F2-45ea-B99D-B62A183E437E} | C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086} | C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}\stubpath = "C:\\Windows\\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe" | C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{37F3EAAB-F2ED-4213-B90B-D44501870BE2} | C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}\stubpath = "C:\\Windows\\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe" | C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8727761E-1900-4c91-8C05-DAE64E4FF6DF} | C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}\stubpath = "C:\\Windows\\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe" | C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{284D26C3-C78E-45bf-8836-211245AD58FD} | C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe | N/A |
| N/A | N/A | C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe | N/A |
| N/A | N/A | C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe | N/A |
| N/A | N/A | C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe | N/A |
| N/A | N/A | C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe | N/A |
| N/A | N/A | C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe | N/A |
| N/A | N/A | C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe | N/A |
| N/A | N/A | C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe | N/A |
| N/A | N/A | C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe | N/A |
| N/A | N/A | C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe | N/A |
| N/A | N/A | C:\Windows\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe | C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe | N/A |
| File created | C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe | C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe | N/A |
| File created | C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe | C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe | N/A |
| File created | C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe | C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe | N/A |
| File created | C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe | N/A |
| File created | C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe | C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe | N/A |
| File created | C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe | C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe | N/A |
| File created | C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe | C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe | N/A |
| File created | C:\Windows\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe | C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe | N/A |
| File created | C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe | C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe | N/A |
| File created | C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe | C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe" |
| C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe | C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe | C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1F9B4~1.EXE > nul |
| C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe | C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{2B711~1.EXE > nul |
| C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe | C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{37F3E~1.EXE > nul |
| C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe | C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{82F7A~1.EXE > nul |
| C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe | C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E99C2~1.EXE > nul |
| C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe | C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{87277~1.EXE > nul |
| C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe | C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4100C~1.EXE > nul |
| C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe | C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{C1D23~1.EXE > nul |
| C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe | C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{FA6CC~1.EXE > nul |
| C:\Windows\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe | C:\Windows\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A2C69~1.EXE > nul |
Network
Files
C:\Windows\{1F9B4C96-E32F-4d0c-9A59-028CCF9C19C7}.exe
| Hash | Value |
| --- | --- |
| MD5 | eecf3019153851685ca1853710e1ac1a |
| SHA1 | f09c06cf819104489f57beeb794dad36b8c3db5d |
| SHA256 | b55b4eba4eeca3776695fcb590e63aa5deabf8b379263a5449d7fb262142d9ca |
| SHA512 | 1d149e9e6149980e7813e57094bb2a9eca13c44292bec35d2ab72da0bae1f5ae12890b74cc980d203212d9cd536ce9109c785e7f16fc2b8e96568cc089203a6a |
C:\Windows\{2B711807-E5C6-40e7-8E6E-545C0E6DD8DD}.exe
| Hash | Value |
| --- | --- |
| MD5 | e406ff81b38d6345e349eecb1497c357 |
| SHA1 | bc0d58325725d6e7606008c7ee388a935716fe71 |
| SHA256 | ccbd9999b56d84dd603ef8e10d8e11708f99bee4990cb653119ca8f639915432 |
| SHA512 | a60d3e88aed545ee93579cc4885e1b338a7cbcc5064a70a0d24a4115e47cfe8559bddea9e960bae8a971450337de3718c9fca36b08bb2643faa0d56fac667c3b |
C:\Windows\{37F3EAAB-F2ED-4213-B90B-D44501870BE2}.exe
| Hash | Value |
| --- | --- |
| MD5 | 3939837a97ea9c5afc9d5497797f6027 |
| SHA1 | 60bca6a9f5b4c7aa2f25486e50886daa447679df |
| SHA256 | 78c9f2808f4ba3709116ffc569f82608fed7ae9c7fb90d91339b14e527c66936 |
| SHA512 | 95b9adf68f4c57def700c0dc4287dc34409684bd74e02dc6ba91af43dd5ef912376ae9df7f368e13b3922fe10b2b022a63a48678eaaa9f943b1f9ac7a0e51474 |
C:\Windows\{82F7A9F5-36CD-494b-BC04-87214242FD5C}.exe
| Hash | Value |
| --- | --- |
| MD5 | ef29cc273952a3b498d62421972de1ad |
| SHA1 | db41749e6b2d88efd47f702439157165feaabfb8 |
| SHA256 | 3760b972106ba2943ea4d5364a3447c197e284c70d0d4d1dc7f0f71680249322 |
| SHA512 | 3f72b87162219bc2d39210367dd7f834a3a0380b63c2ecd4c3a9d422bcd0d52800625ca6fd20fa67eb3d944dbd2339d207fc18ddce6d9f3d3db7110f146a8b95 |
C:\Windows\{E99C201A-19EC-4844-86F1-0BECA5B9BC23}.exe
| Hash | Value |
| --- | --- |
| MD5 | be7300af720926e9c34f4d4c85d0a168 |
| SHA1 | 2010698dd5e18a526bd0ac9b15e92ac6fe762cb4 |
| SHA256 | ae8a021d3d6e906b42c41109f6b47920f6fa8ba846e04f20bb0ed2938161a9f5 |
| SHA512 | 1c1ca9b9afac50bd463e11455829534d0a20a08728983cef589d64422cc6406c74bc646bcbd0272327f70e20080e7123013dbcd569e79a4bb789db9d190d4465 |
C:\Windows\{8727761E-1900-4c91-8C05-DAE64E4FF6DF}.exe
| Hash | Value |
| --- | --- |
| MD5 | 88817a97e9a1a961dcee56943ddbb608 |
| SHA1 | 425d0524a1eec26766c21083ae277de41973d40a |
| SHA256 | dc93feedd95866e99971a93af9a451ec919f2c6fa747f7bc6d9312ceac08e267 |
| SHA512 | 3cef6275c28f2f43e8204ffcc496837c0adf4dddac80cf3be95a8bcb5474541578db9736acb25c9346b56b56c22d8735f7f1988cc441a96206a581913256dab5 |
C:\Windows\{4100C6FF-AEF9-40e0-A6A3-3F3B32614CCC}.exe
| Hash | Value |
| --- | --- |
| MD5 | ca55d477ed4eede8e5b94fe42b8f949d |
| SHA1 | 8e902ce629764a85f600d4cfcf48c010d110119b |
| SHA256 | a15e9259a03c8f164cae9545c2f5df51b23a3fde74e07129d09723e04bec6bfe |
| SHA512 | fbe136a998203fc08229e5fdc4a07a6e9283a98dae99d920d77f15e6120c3d8cf32ee1c78fb495641cb81708f97515ec99547974b9d6ce547c93943ed4cc3bcf |
C:\Windows\{C1D233E1-EBCA-4704-8BD7-1E505F2017CE}.exe
| Hash | Value |
| --- | --- |
| MD5 | 722cbef8ae74ebf39aa3f9d1330fb48e |
| SHA1 | 8386d787dab363302b520f0a637ffcca3afd7cdd |
| SHA256 | 0d04e39af934d04687e0d64b64dd425548b553e5bbf82c7ed9ec5aa965417a7e |
| SHA512 | b6e9cadf81d59ecb82f98d24f8cf53e3edb37abd923a517e6de99059208ce02b6b7e66679dabaa19d1a4da4c8b4c0a113b8b2c4fd393d54c2add07666d0de493 |
C:\Windows\{FA6CC007-05F2-45ea-B99D-B62A183E437E}.exe
| Hash | Value |
| --- | --- |
| MD5 | 0d8994e62835a0fe3b64fefc71ccfa35 |
| SHA1 | 72b6b239b7b45ff460dce646720f051ad21a1772 |
| SHA256 | 481cbdd92c60baa555c2af68334cef4998a59ebed40ea396b70b08ea3897f9a9 |
| SHA512 | 668cbdc312df764fba33d7a614b7b4f1139ccdce83499bff6078ad4e3bd401e53ff4a838f7269bbd610f1c2f51ea355470acbd12a78aa55cb5afd094b109d2ea |
C:\Windows\{A2C6910E-3DAE-4d1d-A726-ED2D19E87086}.exe
| Hash | Value |
| --- | --- |
| MD5 | 62c240b09ff5d30bf1af3c009feb979b |
| SHA1 | 9759988be3380b559f0487e3f2ea3c2242d3f713 |
| SHA256 | bf49f4f3e79cbd53eb5ce5b6790f894375671e68eb32dfa62f5ffbaa1ac55908 |
| SHA512 | 79e3f0dd46c2168966a0853b31a341431afb08425c3bcfa224c69bcb3adc7989d53eea164b8c3bb01aca090c640a6a85c64e2b180446e07964107db5f5697ad2 |
C:\Windows\{284D26C3-C78E-45bf-8836-211245AD58FD}.exe
| Hash | Value |
| --- | --- |
| MD5 | 2da9d22d06fa58a013d5cf503d476073 |
| SHA1 | a8d69507380bef0d5d68bf5d1995c6cae2d0de53 |
| SHA256 | 3b9d3bf2b08822350e2700a3304074ca5a8da15a06cdfb1124629677f705c8bd |
| SHA512 | 1735d3be9135ea696cc0605c274e2ad74e1afadc15dea9af977f45b5f369ebe6561662b26bfeedcfef3ea1a39cfea7008adb3dc7a61211cfda73aa61c417d409 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 23:29
Reported
2024-03-02 23:32
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{68F3B260-ECB9-419f-A6E0-75228242B783} | C:\Windows\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{68F3B260-ECB9-419f-A6E0-75228242B783}\stubpath = "C:\\Windows\\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe" | C:\Windows\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}\stubpath = "C:\\Windows\\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}\stubpath = "C:\\Windows\\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe" | C:\Windows\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4CD4879C-A249-48a3-A27A-C43BB29809A3} | C:\Windows\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E} | C:\Windows\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{23165439-5507-40d0-87E0-44DA67AD8BBA} | C:\Windows\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{23165439-5507-40d0-87E0-44DA67AD8BBA}\stubpath = "C:\\Windows\\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe" | C:\Windows\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AB45CC08-B088-4182-9AF2-5EFB265E37F3} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC} | C:\Windows\{EF94757C-4601-43e2-95FB-3473002162AD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B29C7468-FA74-4bd9-8F20-7290C473AA9E}\stubpath = "C:\\Windows\\{B29C7468-FA74-4bd9-8F20-7290C473AA9E}.exe" | C:\Windows\{3918B111-817E-44b2-B903-8496C332C94B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF94757C-4601-43e2-95FB-3473002162AD} | C:\Windows\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}\stubpath = "C:\\Windows\\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe" | C:\Windows\{EF94757C-4601-43e2-95FB-3473002162AD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}\stubpath = "C:\\Windows\\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe" | C:\Windows\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6} | C:\Windows\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}\stubpath = "C:\\Windows\\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe" | C:\Windows\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3918B111-817E-44b2-B903-8496C332C94B}\stubpath = "C:\\Windows\\{3918B111-817E-44b2-B903-8496C332C94B}.exe" | C:\Windows\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B29C7468-FA74-4bd9-8F20-7290C473AA9E} | C:\Windows\{3918B111-817E-44b2-B903-8496C332C94B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2} | C:\Windows\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EF94757C-4601-43e2-95FB-3473002162AD}\stubpath = "C:\\Windows\\{EF94757C-4601-43e2-95FB-3473002162AD}.exe" | C:\Windows\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4CD4879C-A249-48a3-A27A-C43BB29809A3}\stubpath = "C:\\Windows\\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe" | C:\Windows\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4} | C:\Windows\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}\stubpath = "C:\\Windows\\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe" | C:\Windows\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3918B111-817E-44b2-B903-8496C332C94B} | C:\Windows\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe | N/A |
| N/A | N/A | C:\Windows\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe | N/A |
| N/A | N/A | C:\Windows\{EF94757C-4601-43e2-95FB-3473002162AD}.exe | N/A |
| N/A | N/A | C:\Windows\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe | N/A |
| N/A | N/A | C:\Windows\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe | N/A |
| N/A | N/A | C:\Windows\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe | N/A |
| N/A | N/A | C:\Windows\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe | N/A |
| N/A | N/A | C:\Windows\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe | N/A |
| N/A | N/A | C:\Windows\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe | N/A |
| N/A | N/A | C:\Windows\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe | N/A |
| N/A | N/A | C:\Windows\{3918B111-817E-44b2-B903-8496C332C94B}.exe | N/A |
| N/A | N/A | C:\Windows\{B29C7468-FA74-4bd9-8F20-7290C473AA9E}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe | N/A |
| File created | C:\Windows\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe | C:\Windows\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe | N/A |
| File created | C:\Windows\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe | C:\Windows\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe | N/A |
| File created | C:\Windows\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe | C:\Windows\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe | N/A |
| File created | C:\Windows\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe | C:\Windows\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe | N/A |
| File created | C:\Windows\{3918B111-817E-44b2-B903-8496C332C94B}.exe | C:\Windows\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe | N/A |
| File created | C:\Windows\{B29C7468-FA74-4bd9-8F20-7290C473AA9E}.exe | C:\Windows\{3918B111-817E-44b2-B903-8496C332C94B}.exe | N/A |
| File created | C:\Windows\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe | C:\Windows\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe | N/A |
| File created | C:\Windows\{EF94757C-4601-43e2-95FB-3473002162AD}.exe | C:\Windows\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe | N/A |
| File created | C:\Windows\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe | C:\Windows\{EF94757C-4601-43e2-95FB-3473002162AD}.exe | N/A |
| File created | C:\Windows\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe | C:\Windows\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe | N/A |
| File created | C:\Windows\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe | C:\Windows\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-03-02_7700691d1d8ba6023d1d9bbaa3de7429_goldeneye.exe" |
| C:\Windows\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe | C:\Windows\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe | C:\Windows\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{AB45C~1.EXE > nul |
| C:\Windows\{EF94757C-4601-43e2-95FB-3473002162AD}.exe | C:\Windows\{EF94757C-4601-43e2-95FB-3473002162AD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8B401~1.EXE > nul |
| C:\Windows\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe | C:\Windows\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{EF947~1.EXE > nul |
| C:\Windows\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe | C:\Windows\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8CD40~1.EXE > nul |
| C:\Windows\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe | C:\Windows\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{4CD48~1.EXE > nul |
| C:\Windows\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe | C:\Windows\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{134A5~1.EXE > nul |
| C:\Windows\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe | C:\Windows\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{86F67~1.EXE > nul |
| C:\Windows\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe | C:\Windows\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{E60F0~1.EXE > nul |
| C:\Windows\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe | C:\Windows\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{23165~1.EXE > nul |
| C:\Windows\{3918B111-817E-44b2-B903-8496C332C94B}.exe | C:\Windows\{3918B111-817E-44b2-B903-8496C332C94B}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{68F3B~1.EXE > nul |
| C:\Windows\{B29C7468-FA74-4bd9-8F20-7290C473AA9E}.exe | C:\Windows\{B29C7468-FA74-4bd9-8F20-7290C473AA9E}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3918B~1.EXE > nul |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Windows\{AB45CC08-B088-4182-9AF2-5EFB265E37F3}.exe
| Hash | Value |
| --- | --- |
| MD5 | 674a5393a2a376e1deec7a7ac7b537fe |
| SHA1 | 8c6028185affd9c5e4287319d2792104beeb460f |
| SHA256 | a14373251ede7656ba0e663c99d821125687e298e660c710761991ef509f92df |
| SHA512 | 81ebba36583013dde926f5b83967f2355d1d9aab3f31b9610bc185d5c3174864af48c07c6dc50299620db406de29122f002190f89ec79d57264fd338d2f8e020 |
C:\Windows\{8B40133E-EDB2-4d22-9EBD-A94C9E811FE2}.exe
| Hash | Value |
| --- | --- |
| MD5 | c82e97fa401f2f3daf68c9593ca9bf9c |
| SHA1 | 08971b20b19731c5e2a46b407016a6d09bb36d69 |
| SHA256 | 337a0eb0ba44d357255493bef374bf7768efd7781c9e0972bc11c0b83771f440 |
| SHA512 | fa978af771c898c9a91651a8af00bcbb735ab67059632882be2b4e46c8b3871f124c26ab81bbff93ce2e30306c271502282e97551c54c82151b8be34088b500d |
C:\Windows\{EF94757C-4601-43e2-95FB-3473002162AD}.exe
| Hash | Value |
| --- | --- |
| MD5 | 3bcfa94acb83c266ac12c9696fa2ed6c |
| SHA1 | f690fb244bdaddfc5d733e7870713cdb88d2a387 |
| SHA256 | df3486fa77f1983b49a626e5284dd0264798e2fbcacc411d1460a32e1bcb55b0 |
| SHA512 | 49ddbe20318311244f69e5c3420259a8c815445b3284644dd0885144f56434337ede5e087218198bdf4a1949f6bf86b45934c8b03bcef29b149a5e5d012e8e3d |
C:\Windows\{8CD404AF-B0E0-4e0d-BDC6-E112FEC650AC}.exe
| Hash | Value |
| --- | --- |
| MD5 | 952897cbcbcad645036bca2cc9f3e356 |
| SHA1 | 9d4bd55162e5589124adc580d23bd1f1c2af4feb |
| SHA256 | 9f4dda4e49db472e95426c781e9d72ca12b7af5ef40df0842a3da9c84ff48baa |
| SHA512 | f7836f7961bd4c46290c3d2550fc1a1ab6e766c9eb42fdf0b186f73020d1fe07dcab0a2b8e165a8f983758188710b2b1eb26c124303b7a8410944707b7c3cc75 |
C:\Windows\{4CD4879C-A249-48a3-A27A-C43BB29809A3}.exe
| Hash | Value |
| --- | --- |
| MD5 | 374f07b6aa3ffcee853b7a554f790f4e |
| SHA1 | a7515baf9487bbe2b69c2fa2721240c34e822bfd |
| SHA256 | 37e622ed28c4653e6f7fcc1d952cde18edd186b0b5e97a318e279e06ab58a6fe |
| SHA512 | fd210822fcc3bb79accc5a7df6499aa3a10b0b9e04a29c5ca892f7fb6c6d2003bd395477ebabb952329171b2fd29f8f2bc896f870fe6bb9c0e36b7af5c7e1b6a |
C:\Windows\{134A54BE-D340-4ac4-9B47-C24BD3AB8B2E}.exe
| Hash | Value |
| --- | --- |
| MD5 | 7ec7c296c9feaef5cbc79346743cc08e |
| SHA1 | b16c189a86b2b7543a24350452476514b3671c65 |
| SHA256 | a9e1d5af92d131812381c439922923e5ebbe9203e155014e440d8baf979cc53d |
| SHA512 | 2aa17c3f1569cbf7ac21964aff57346230749887316f4c768a7ce2aeb1a6195c7b5c152fb0f403604c0957ecb23db4255eab99e41ab3e12aca05c7bdc7a639ad |
C:\Windows\{86F677AC-1CE9-4b3f-81A9-5A8F80FC99E6}.exe
| Hash | Value |
| --- | --- |
| MD5 | 83110ba80eba22bd0239bd592b9e097b |
| SHA1 | 2ee014c4fbb6f0a64b8207bbe2dec283883bc504 |
| SHA256 | 8d69c02d00e871927ede6169e96a0ee30898f0cbf1316848bd18be9a1d6cc05b |
| SHA512 | 4b968acf061e1b3437b3587a8087725b4a86071e7c42e7471b8ee451dc2b81f77a2bcdde9a654d08440ed89cf8b9602c6f73adbbfb955522a13e70f30fdffd4f |
C:\Windows\{E60F097E-7A63-4d31-82E6-6F6233D7EAA4}.exe
| Hash | Value |
| --- | --- |
| MD5 | c40dd394d23cffbb4672b76e41e23810 |
| SHA1 | 495c497c331d3872121c4b4a8108cc983c97e27c |
| SHA256 | 9e43bba213842ebb58e3585e25d6217781de1f31ce252d2cef1532243b5ffb9b |
| SHA512 | fe318d1e018dcdbee9820ce28da16ba9d44217f32f82439f60329cda9897e2810bed3e5b0ed307d817d41cabf9ca86e1c4fe81af2ff57b99981c99f605e7ac44 |
C:\Windows\{23165439-5507-40d0-87E0-44DA67AD8BBA}.exe
| Hash | Value |
| --- | --- |
| MD5 | 619ab951baafa425c0c8d262b30e262b |
| SHA1 | 935fc17742754e40acff04720916acb08c7c9af5 |
| SHA256 | 3bbe74a70af9f84b5d928f6d0e91035d6449f922b83c15eb9d7bf7fee328be76 |
| SHA512 | 2a95be8fc84c0257a94bf66fd7fc158dccd9efcdd873e69053877198edc471508542bdfb30f26787dfd9c4393cf46cac30a93a7a60f61a3f208454760c666d72 |
C:\Windows\{68F3B260-ECB9-419f-A6E0-75228242B783}.exe
| Hash | Value |
| --- | --- |
| MD5 | 9c4ba614e06b949b1edd56220f24e012 |
| SHA1 | 56e5b0d307478611c69eefed771aa0af025e2d01 |
| SHA256 | e2c527cf97c7cf2bd4a656363af539f62158ed97f26592dc3ebfa7ac23087834 |
| SHA512 | 13942efe7ce4f18d11eeab435ebe9f290a57bd910d0c20ccd091fae10a58e072fb838580e0e84b7369c073105339c3a5a8e56cc0d310df8b240616c19ed6e298 |
C:\Windows\{3918B111-817E-44b2-B903-8496C332C94B}.exe
| Hash | Value |
| --- | --- |
| MD5 | 6cac860cfdb3ce2e185fc59a208181f7 |
| SHA1 | 072e612aa9ac14ccc8a6216836cd00b1c9f307ec |
| SHA256 | 2dfd46c24e34892638bac5d02e69b7774398e705832a8da0a841be713829f2e4 |
| SHA512 | 742d06f7d29fd57dab9d0d9d96d54ad0877f6208e918804a11f649c9f514fc3d52a8e9edba04db4c1957c4073d8a40d9fe0fad57e1b70d8d0cd272f721f07ec0 |
C:\Windows\{B29C7468-FA74-4bd9-8F20-7290C473AA9E}.exe
| Hash | Value |
| --- | --- |
| MD5 | 0992fb00c2243a51cb78cce49361ca7d |
| SHA1 | 2e6814582d6e3906fdce032179c732c044559ecc |
| SHA256 | ea55c098f7bc16008ffbd505611c8d4764edef88f75972e59e4117e8950a064a |
| SHA512 | 6f7a7d631ab6723c31801d7d8e0e730b911ee645d856e081c1346a4f2b914d3832a9799e8669c7df9276bc62bdb41367d3ece4080dcd42fc39c3011a8fc56168 |