Analysis Overview
SHA256
a201e4705b075bf42639fe006c80d8c6a1c97092cce9d540478a68a6605dc605
Threat Level: Known bad
The file 2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Deletes itself
Executes dropped EXE
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 16:31
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 16:31
Reported
2024-03-02 16:33
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
151s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}\stubpath = "C:\\Windows\\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe" | C:\Windows\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C1487626-296C-4ab4-9CF2-9151C92E0F26} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{98390355-6891-402d-927A-52B1E7189C9B}\stubpath = "C:\\Windows\\{98390355-6891-402d-927A-52B1E7189C9B}.exe" | C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A5E7109D-AE94-4470-B6F7-5F31C9834698} | C:\Windows\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{67EAA800-E614-40a1-B7DD-0D97095EE950} | C:\Windows\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{67EAA800-E614-40a1-B7DD-0D97095EE950}\stubpath = "C:\\Windows\\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe" | C:\Windows\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ACEC787B-2000-486e-8202-B09C9CF892D1} | C:\Windows\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD0C126D-BF7F-464c-81D5-20282407A79C}\stubpath = "C:\\Windows\\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe" | C:\Windows\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0E824713-12B6-4dc4-B02C-D8CC6B3515F7} | C:\Windows\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7A1D86F5-EEAC-407a-9CA1-BE4569038184} | C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}\stubpath = "C:\\Windows\\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe" | C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DC392DD0-8D27-48d0-86CE-67B54EFF477F} | C:\Windows\{7928A926-96D1-4569-8672-1371AB35C300}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B49F18D3-5A3B-4067-9364-726C5BCC3E29} | C:\Windows\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0E824713-12B6-4dc4-B02C-D8CC6B3515F7}\stubpath = "C:\\Windows\\{0E824713-12B6-4dc4-B02C-D8CC6B3515F7}.exe" | C:\Windows\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4047F151-F5B3-428c-9065-74BB13FC01E7} | C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4047F151-F5B3-428c-9065-74BB13FC01E7}\stubpath = "C:\\Windows\\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe" | C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{98390355-6891-402d-927A-52B1E7189C9B} | C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7928A926-96D1-4569-8672-1371AB35C300} | C:\Windows\{98390355-6891-402d-927A-52B1E7189C9B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A5E7109D-AE94-4470-B6F7-5F31C9834698}\stubpath = "C:\\Windows\\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe" | C:\Windows\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{ACEC787B-2000-486e-8202-B09C9CF892D1}\stubpath = "C:\\Windows\\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe" | C:\Windows\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD0C126D-BF7F-464c-81D5-20282407A79C} | C:\Windows\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C1487626-296C-4ab4-9CF2-9151C92E0F26}\stubpath = "C:\\Windows\\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7928A926-96D1-4569-8672-1371AB35C300}\stubpath = "C:\\Windows\\{7928A926-96D1-4569-8672-1371AB35C300}.exe" | C:\Windows\{98390355-6891-402d-927A-52B1E7189C9B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}\stubpath = "C:\\Windows\\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe" | C:\Windows\{7928A926-96D1-4569-8672-1371AB35C300}.exe | N/A |
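The rows above are the persistence mechanism: every stage registers its successor under Active Setup\Installed Components, with a stubpath that points at a GUID-named executable dropped directly into C:\Windows. Active Setup runs a component's StubPath once per user at logon when the component is missing from the user's HKCU copy of the key, so the entry keeps working after the stage that wrote it has deleted itself. The Python script below is an added example, not part of the report, for checking a `.reg` export of that key from a suspect host offline. The export text is constructed: the two GUID components and their stubpaths are copied from the rows above, while the `{00000000-...}` component and its setup.exe path are made up for contrast and the last key is left without values to exercise the missing-stubpath case. Components under this key are normal on any Windows install; the check flags only entries whose StubPath is `C:\Windows\{<the component's own GUID>}.exe`, the pattern every row above shows.

```python
import re

# Constructed .reg-style export of the Active Setup key. The two GUID entries
# and their stubpaths are taken from the report rows above; the
# {00000000-...} component and its setup.exe path are made up for contrast,
# and the last key (no values) mimics a component whose stubpath is absent.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{00000000-1111-2222-3333-444444444444}]
"StubPath"="\"C:\\Program Files (x86)\\ExampleVendor\\setup.exe\" /firstrun"
"Version"="1,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}]
"stubpath"="C:\\Windows\\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C1487626-296C-4ab4-9CF2-9151C92E0F26}]
"stubpath"="C:\\Windows\\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{67EAA800-E614-40a1-B7DD-0D97095EE950}]
'''

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    # .reg string data escapes backslashes and double quotes with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name_lower: data}}.
    Only string (REG_SZ) values are decoded; other value types are kept raw."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = _unescape(m.group(1)).lower(), m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


def find_self_named_stubs(keys):
    r"""Return (component_guid, stubpath) for Active Setup components whose
    StubPath is <drive>:\Windows\{<the component's own GUID>}.exe, the
    pattern every stage in the report writes for its successor."""
    hits = []
    for key, values in keys.items():
        if "\\active setup\\installed components\\" not in key.lower():
            continue
        component = key.rsplit("\\", 1)[-1]
        stub = values.get("stubpath")
        if not GUID_RE.fullmatch(component) or stub is None:
            continue
        target = stub.strip().strip('"')
        expected = r"[A-Za-z]:\\Windows\\" + re.escape(component) + r"\.exe"
        if re.fullmatch(expected, target, re.IGNORECASE):
            hits.append((component, target))
    return hits


if __name__ == "__main__":
    for component, stub in find_self_named_stubs(parse_reg(REG_EXPORT)):
        print(f"suspicious Active Setup component {component} -> {stub}")
```

On a live host the same export is produced with `reg export "HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components" out.reg`; the 64-bit key without WOW6432Node should be exported and checked the same way, since the report only shows the 32-bit view the sample wrote to.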
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe | N/A |
| N/A | N/A | C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe | N/A |
| N/A | N/A | C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe | N/A |
| N/A | N/A | C:\Windows\{98390355-6891-402d-927A-52B1E7189C9B}.exe | N/A |
| N/A | N/A | C:\Windows\{7928A926-96D1-4569-8672-1371AB35C300}.exe | N/A |
| N/A | N/A | C:\Windows\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe | N/A |
| N/A | N/A | C:\Windows\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe | N/A |
| N/A | N/A | C:\Windows\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe | N/A |
| N/A | N/A | C:\Windows\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe | N/A |
| N/A | N/A | C:\Windows\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe | N/A |
| N/A | N/A | C:\Windows\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe | N/A |
| N/A | N/A | C:\Windows\{0E824713-12B6-4dc4-B02C-D8CC6B3515F7}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe | C:\Windows\{7928A926-96D1-4569-8672-1371AB35C300}.exe | N/A |
| File created | C:\Windows\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe | C:\Windows\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe | N/A |
| File created | C:\Windows\{0E824713-12B6-4dc4-B02C-D8CC6B3515F7}.exe | C:\Windows\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe | N/A |
| File created | C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe | N/A |
| File created | C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe | C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe | N/A |
| File created | C:\Windows\{98390355-6891-402d-927A-52B1E7189C9B}.exe | C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe | N/A |
| File created | C:\Windows\{7928A926-96D1-4569-8672-1371AB35C300}.exe | C:\Windows\{98390355-6891-402d-927A-52B1E7189C9B}.exe | N/A |
| File created | C:\Windows\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe | C:\Windows\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe | N/A |
| File created | C:\Windows\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe | C:\Windows\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe | N/A |
| File created | C:\Windows\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe | C:\Windows\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe | N/A |
| File created | C:\Windows\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe | C:\Windows\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe | N/A |
| File created | C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe | C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe"
C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe
C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe
C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C1487~1.EXE > nul
C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe
C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4047F~1.EXE > nul
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1404 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
C:\Windows\{98390355-6891-402d-927A-52B1E7189C9B}.exe
C:\Windows\{98390355-6891-402d-927A-52B1E7189C9B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7A1D8~1.EXE > nul
C:\Windows\{7928A926-96D1-4569-8672-1371AB35C300}.exe
C:\Windows\{7928A926-96D1-4569-8672-1371AB35C300}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{98390~1.EXE > nul
C:\Windows\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe
C:\Windows\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7928A~1.EXE > nul
C:\Windows\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe
C:\Windows\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{DC392~1.EXE > nul
C:\Windows\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe
C:\Windows\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{A5E71~1.EXE > nul
C:\Windows\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe
C:\Windows\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{67EAA~1.EXE > nul
C:\Windows\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe
C:\Windows\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{ACEC7~1.EXE > nul
C:\Windows\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe
C:\Windows\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CD0C1~1.EXE > nul
C:\Windows\{0E824713-12B6-4dc4-B02C-D8CC6B3515F7}.exe
C:\Windows\{0E824713-12B6-4dc4-B02C-D8CC6B3515F7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B49F1~1.EXE > nul
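Every executable in the list above is paired with a `cmd.exe /c del ... > nul` that removes an earlier stage's file, written with its 8.3 short name (`{C1487~1.EXE` for `{C1487626-...}.exe`, `2024-0~1.EXE` for the sample itself), which is what the "Deletes itself" signature matches. The Python example below is added here and is not part of the report. It runs a detector for that command-line pattern over the command lines above, plus one constructed line that deletes an unrelated temporary file so the non-resolving case is exercised, and resolves each short name back to a long file name seen in the same process list by the usual 8.3 rule (first six characters of the stem, a `~n` suffix, up to three characters of extension). The resolver assumes the common case in which the long name contains no spaces or characters that 8.3 generation rewrites; when several long names share a prefix it returns all of them rather than guessing.

```python
import re

# Process command lines from the list above (the report's own values), plus one
# constructed line at the end, not from the report, that deletes an unrelated
# temporary file so the resolver's non-matching path is exercised too.
PROCESS_LIST = [
    r'"C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe"',
    r"C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe",
    r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul",
    r"C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{C1487~1.EXE > nul",
    r"C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe",
    r"C:\Windows\system32\cmd.exe /c del C:\Windows\{4047F~1.EXE > nul",
    r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\tmpA1B2.tmp > nul",  # constructed
]

# cmd.exe /c del <file> > nul, with an optionally quoted target
DEL_RE = re.compile(r'cmd\.exe\s+/c\s+del\s+(?P<target>"[^"]+"|\S+)\s*>\s*nul\b', re.IGNORECASE)
# 8.3 short name: up to six characters of stem, ~n, up to three of extension
SHORT_RE = re.compile(r"^(?P<stem>[^~.]{1,6})~\d+(?:\.(?P<ext>[^.]{1,3}))?$")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def image_of(cmdline):
    """First token of a command line, honouring a quoted image path."""
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def known_executables(cmdlines):
    """Distinct image file names in the list, excluding cmd.exe itself; these
    are the candidates a short name in a del command can resolve to."""
    names = []
    for line in cmdlines:
        name = basename(image_of(line))
        if name.lower() != "cmd.exe" and name not in names:
            names.append(name)
    return names


def short_name_matches(short, long_names):
    """Long names the 8.3 name `short` could have been generated from.
    Assumes the common case (no spaces or characters 8.3 generation rewrites)."""
    m = SHORT_RE.match(short)
    if not m:  # not a short name: only an exact (case-insensitive) match counts
        return [n for n in long_names if n.upper() == short.upper()]
    stem, ext = m.group("stem").upper(), (m.group("ext") or "").upper()
    out = []
    for name in long_names:
        base, dot, name_ext = name.rpartition(".")
        if not dot:
            base, name_ext = name, ""
        if base[:6].upper() == stem and name_ext[:3].upper() == ext:
            out.append(name)
    return out


def find_self_deletes(cmdlines):
    """(deleted path, resolved long name or None) for every cmd.exe /c del ... > nul."""
    known = known_executables(cmdlines)
    hits = []
    for line in cmdlines:
        m = DEL_RE.search(line)
        if m:
            target = m.group("target").strip('"')
            matches = short_name_matches(basename(target), known)
            hits.append((target, matches[0] if len(matches) == 1 else None))
    return hits


if __name__ == "__main__":
    for target, resolved in find_self_deletes(PROCESS_LIST):
        print(f"del {target} -> {resolved or 'no known executable'}")
```

Because the deleted file is gone by the time an analyst looks, the long name has to be recovered from process-creation telemetry in exactly this way; a deletion whose short name resolves to another GUID-named executable in C:\Windows, or to the process that launched the whole tree, is the signal to alert on, while the constructed temp-file deletion resolves to nothing and stays a low-value event.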
Network
The report attributes none of the connections below to the sample or to its dropped stages. The destinations (g.bing.com, chromewebstore.googleapis.com and reverse-DNS lookups sent to 8.8.8.8) coincide with the msedge.exe utility process present in the process list, and should not be treated as indicators for this sample without further evidence.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
C:\Windows\{C1487626-296C-4ab4-9CF2-9151C92E0F26}.exe
| MD5 | 6a44eea4d9ee4644da0f417a6e62c31c |
| SHA1 | 8180cafbc6821cbee7168eaf3516d243d30f5f8a |
| SHA256 | af427ca61bc00f5de18b688fdc8d7e821610d655ac9c0879d5d749ed720edd93 |
| SHA512 | 199fd36ce92ee3e75338dfad55c7f13034d2b4baa070b78ce87cf0d7415c2b08574bb89fcbc32fb315dec949861a7cc117a18c7bed7242ac72728ffca97aec9f |
C:\Windows\{4047F151-F5B3-428c-9065-74BB13FC01E7}.exe
| MD5 | 6822c062a6193fc9b110d60141911442 |
| SHA1 | 832a2bab459971279a0be22c3c497895824b24d9 |
| SHA256 | e781bc9ede80c86fef40af68046924dc316223acfca632c267ad00919dd4a3d7 |
| SHA512 | 53ff51dd2268aa28c81cc99ad442b30eab518bb9036f442e15e4969bde08e24e3d3cc58a26809460eb262fb452c9d7d8f6f5e5f59d97b390b57bca05c754d0e5 |
C:\Windows\{7A1D86F5-EEAC-407a-9CA1-BE4569038184}.exe
| MD5 | 7b63b31385159d4733045e1054b49edb |
| SHA1 | 1b93e4f9f8acc0becefeda31befe305c2b242e87 |
| SHA256 | 1ada88a4b298996703f2e652ef6189d519eb5d8c9c51e7320c17ee08f27e3b69 |
| SHA512 | 9742b6540feab5d1cdd238aa3c4559488fd444b07a9728d145c3e9c932658925abda330464e2f3b75ace26f739302aae4b94be9e0c87d61f95f41b4d84a29c5e |
C:\Windows\{98390355-6891-402d-927A-52B1E7189C9B}.exe
| MD5 | ef5499a41592997ec8ca74cf3f689649 |
| SHA1 | 84517388825a894c75b4093b1a682f664f73061e |
| SHA256 | 0e6bc8ee87b54ceab7ff4e5c35d6ed8f239bc8134535b7789b73ac2be0c6703b |
| SHA512 | e3ab069f94ad4223a2147b11ac4952d85f24c02b99bb5e6e0668fb0f2a6b6fe0cb13a860c3d2501ed6b3013722b13ef83885a3844be9adb309447c590011eb45 |
C:\Windows\{7928A926-96D1-4569-8672-1371AB35C300}.exe
| MD5 | 47e04ced1c2db2935026a227926ebcd6 |
| SHA1 | a3c4c4a3942771b5742ccf8693212ee101079fec |
| SHA256 | 3b29723d796787d129b5dbc005498142c3ae95cb1b0e48ca8f214650933184f8 |
| SHA512 | 05e3bb029e3b233e01dd135be42e38f481950302701862379b57d327709031f495c4b3da546b37d2dab8bc0f6c87e1149078b0e03868e1690a12db7f28f456d5 |
C:\Windows\{DC392DD0-8D27-48d0-86CE-67B54EFF477F}.exe
| MD5 | 20f72f12d151ec7fe7922214446a59d9 |
| SHA1 | 74df359bd98fc9de661547848b231b6a4995ed56 |
| SHA256 | 8ad33bbca96bee57753115962efdf01433c728d71daa5ac143a319e411bb46de |
| SHA512 | c2323265e5d5e225056c25198401e632cbe99abb94b88595dcf04befc5d36dbdd4c484dfe257f298302f9b3b40e718b695359e5efa08bbdbb777faf9980dfddc |
C:\Windows\{A5E7109D-AE94-4470-B6F7-5F31C9834698}.exe
| MD5 | b9293e774cd94a788396b30464b8b819 |
| SHA1 | 20d02816fb2e7f4b5c36a05ddc0595b0d1f29757 |
| SHA256 | 665e27cebcc4f7321cf2aef0f59028e03e59bfa4f837a463686834b3fd883104 |
| SHA512 | 146a2b92685951b35da8fc3a83ef82227eee727ed3e7c7f6aa82ac35a0a21b801282ce765d4a1121ad7e9253040e839175cda4366525f006952917a32c1c7614 |
C:\Windows\{67EAA800-E614-40a1-B7DD-0D97095EE950}.exe
| MD5 | 0e95545d51ecdd67ba0b934041f13241 |
| SHA1 | 122464d3c861bd3eb1b6597117880d35863ab140 |
| SHA256 | 1230ffe58a9718cce1d4c9ba854a02066442af221f47da2e658f2be5d7153105 |
| SHA512 | 85f23502b4852fb12d347a458089acd1ae69549048e5535d07de1efbb9fb283a5974d44cc4ea9669df5226309179c2e564712bcb400601fc1ac79565da84a193 |
C:\Windows\{ACEC787B-2000-486e-8202-B09C9CF892D1}.exe
| MD5 | 4d84f15606401cb742f115d34744371f |
| SHA1 | 6839f696ec877dff4554ad58eaba66877e015c9d |
| SHA256 | 95c99d02c81794e2e2efb5d101383834936f522e002d3f2d704f4e286dc609ff |
| SHA512 | e7c81211fd1fbe2fdb093f5412b28d80c9166f38432d1adcfe6085256c3613f2c50a38b6e111b1fff9b07f6529379d9a5cbb736713115f4e0d02ba5a84587737 |
C:\Windows\{CD0C126D-BF7F-464c-81D5-20282407A79C}.exe
| MD5 | 88f0d17a1e9c2fd69373dc00d9fe0e0a |
| SHA1 | 35c46a0e8ce212f83cdc1bf706ac231c7486fcb4 |
| SHA256 | de97abc898f3a2470951d7f53b5b1fbd68ea7917e84899a220c6ddf01d7f696c |
| SHA512 | 0f22a6fb9ea991fd94a272e4ae8f88ef009e02b112989f814a3c257a73877508986d21ce92454e92a5b40078d2d64b87735f22bbd4c8628ae0747f8fc9202f67 |
C:\Windows\{B49F18D3-5A3B-4067-9364-726C5BCC3E29}.exe
| MD5 | fc72558249d967002775beed8e140ae7 |
| SHA1 | e1f511923db1756a88595ea9a9ed5fdc25f6fa94 |
| SHA256 | 5d522fbe1de227a84c9a46a0743b0d0776091364a0015cdf01010262d76173b0 |
| SHA512 | 9a261cd4b793605895273a5b1ffa74cc2467ab20e2730c2bbc62b9effc0e97bc4a1a6ca7d21060c975dc4f814e780ed80994708e45f8456f6d62482599967ba5 |
C:\Windows\{0E824713-12B6-4dc4-B02C-D8CC6B3515F7}.exe
| MD5 | a28b95e4c2afdfc172591f374bfafa4e |
| SHA1 | b043104438e486f83235430f15ecdc261825a9d7 |
| SHA256 | 0ca7c450fa96d1cd359341643c9a181a92930275443ad76bcc3230e52fc3f9a6 |
| SHA512 | b7ca8ee701100f494f46f652bcbce4f34bfcca05a4d73dd4d9724e2d3a7ffcc02fcd2a2e1dae542ee5407f1ede132eeb36309c824b5fb8410c9e9754c95528d1 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 16:31
Reported
2024-03-02 16:33
Platform
win7-20240215-en
Max time kernel
144s
Max time network
123s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}\stubpath = "C:\\Windows\\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe" | C:\Windows\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}\stubpath = "C:\\Windows\\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe" | C:\Windows\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0D6AA90D-493B-4314-8541-88CD700166E2} | C:\Windows\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}\stubpath = "C:\\Windows\\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe" | C:\Windows\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C8F71E79-0AA5-472f-BA94-B4E662969B5D} | C:\Windows\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{90692767-9AA5-44ba-ADF0-C1B781FA909B} | C:\Windows\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0D6AA90D-493B-4314-8541-88CD700166E2}\stubpath = "C:\\Windows\\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe" | C:\Windows\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB} | C:\Windows\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2} | C:\Windows\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6E99404B-06D2-48bc-AB6C-09C642A09FD7}\stubpath = "C:\\Windows\\{6E99404B-06D2-48bc-AB6C-09C642A09FD7}.exe" | C:\Windows\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1E906994-9BD7-4aa7-8A86-D14E1598567C} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1E906994-9BD7-4aa7-8A86-D14E1598567C}\stubpath = "C:\\Windows\\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F22EFBAC-3677-47a0-BB2D-2B557CE10031} | C:\Windows\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F39A3723-EFCF-43d2-BE6C-63C8AB327401} | C:\Windows\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}\stubpath = "C:\\Windows\\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe" | C:\Windows\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}\stubpath = "C:\\Windows\\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe" | C:\Windows\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{90692767-9AA5-44ba-ADF0-C1B781FA909B}\stubpath = "C:\\Windows\\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe" | C:\Windows\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7A7BE827-BA83-4855-8117-6FA863AE8BA9} | C:\Windows\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C41FE860-1F41-4e02-982F-F300D9204BBE} | C:\Windows\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C41FE860-1F41-4e02-982F-F300D9204BBE}\stubpath = "C:\\Windows\\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe" | C:\Windows\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}\stubpath = "C:\\Windows\\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe" | C:\Windows\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6E99404B-06D2-48bc-AB6C-09C642A09FD7} | C:\Windows\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe | N/A |
| N/A | N/A | C:\Windows\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe | N/A |
| N/A | N/A | C:\Windows\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe | N/A |
| N/A | N/A | C:\Windows\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe | N/A |
| N/A | N/A | C:\Windows\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe | N/A |
| N/A | N/A | C:\Windows\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe | N/A |
| N/A | N/A | C:\Windows\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe | N/A |
| N/A | N/A | C:\Windows\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe | N/A |
| N/A | N/A | C:\Windows\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe | N/A |
| N/A | N/A | C:\Windows\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe | N/A |
| N/A | N/A | C:\Windows\{6E99404B-06D2-48bc-AB6C-09C642A09FD7}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe | C:\Windows\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe | N/A |
| File created | C:\Windows\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe | C:\Windows\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe | N/A |
| File created | C:\Windows\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe | C:\Windows\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe | N/A |
| File created | C:\Windows\{6E99404B-06D2-48bc-AB6C-09C642A09FD7}.exe | C:\Windows\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe | N/A |
| File created | C:\Windows\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe | N/A |
| File created | C:\Windows\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe | C:\Windows\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe | N/A |
| File created | C:\Windows\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe | C:\Windows\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe | N/A |
| File created | C:\Windows\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe | C:\Windows\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe | N/A |
| File created | C:\Windows\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe | C:\Windows\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe | N/A |
| File created | C:\Windows\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe | C:\Windows\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe | N/A |
| File created | C:\Windows\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe | C:\Windows\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_164de08d5920bce67bd0075809e6beb7_goldeneye.exe"
C:\Windows\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe
C:\Windows\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
C:\Windows\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe
C:\Windows\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{1E906~1.EXE > nul
C:\Windows\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe
C:\Windows\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F22EF~1.EXE > nul
C:\Windows\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe
C:\Windows\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{F39A3~1.EXE > nul
C:\Windows\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe
C:\Windows\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C8F71~1.EXE > nul
C:\Windows\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe
C:\Windows\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{7A7BE~1.EXE > nul
C:\Windows\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe
C:\Windows\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C41FE~1.EXE > nul
C:\Windows\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe
C:\Windows\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{90692~1.EXE > nul
C:\Windows\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe
C:\Windows\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{0D6AA~1.EXE > nul
C:\Windows\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe
C:\Windows\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{CC5D2~1.EXE > nul
C:\Windows\{6E99404B-06D2-48bc-AB6C-09C642A09FD7}.exe
C:\Windows\{6E99404B-06D2-48bc-AB6C-09C642A09FD7}.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{FE43B~1.EXE > nul
Network
Files
C:\Windows\{1E906994-9BD7-4aa7-8A86-D14E1598567C}.exe
| MD5 | 28cc4bee2a1bb57f74817b4ede0525f6 |
| SHA1 | 3fe8f36b9fdf13dd2cadad6ab0ab876dd3a7b134 |
| SHA256 | 5361d7536654046c9f8ff7f31cceedbb195a3e87f456f3a3e83ea3604a0127a1 |
| SHA512 | 1a34649e86b4efc14cf92dc400da181d13417ec9487be6f11ba4e54ffadd94e3cd47751d30f7b65757c1f8c2ced7931aa22efd35a15197f5909779ed4446f40c |
C:\Windows\{F22EFBAC-3677-47a0-BB2D-2B557CE10031}.exe
| MD5 | 9526767791aa1a7994e1b550353c340c |
| SHA1 | e63534cf0bfc88984732a4927fa8779e474e745a |
| SHA256 | 8a610c3ef02b6e91790a7cd0f840819bc00f36588cd465ba0f00e4c2f8f37752 |
| SHA512 | 9fe1def048ec62256beb2addddcc9f97ab30ae6cc4c31e97f187025b77710dfef6674e272433088a17d98a662dd2285270f5f23269e6e15b30a6385373966909 |
C:\Windows\{F39A3723-EFCF-43d2-BE6C-63C8AB327401}.exe
| MD5 | e8e7596e171ef9cfaa34c3bd218dcab9 |
| SHA1 | 88ab1aab3687e1412bb670e6057858a88cc47046 |
| SHA256 | c78af638d7fb0b0a59cf18924d9fa7210f91a1cc7cd2f0ea75d39288e4ecd23e |
| SHA512 | c666a2e3f02782ee2bd26f18af841715f61437d1b6b4ff2cf1c8973c39ce2ca67c02c3a2bd635e154a2796dbb31986d99063a6ac096cf5e54e197bfe77ffa9b1 |
C:\Windows\{C8F71E79-0AA5-472f-BA94-B4E662969B5D}.exe
| MD5 | 0cf3d8bb15620e0884daf89c2acdd4ef |
| SHA1 | 4b302208c9c9aa2b8f957d141866a53e2bb7d97d |
| SHA256 | 9cd98971906a2ade31a76d2c6704b543705c36aaeb8ddfc6cf5f24dc5d8c7f74 |
| SHA512 | 60100985d02d80ede80ea6afc30bd99137374b61d97b7f0941f4ca6f3fd91f7e0070b688440fdccfa89dbb9d6293ff617242dafe5178e2cf5f5abddf61005920 |
C:\Windows\{7A7BE827-BA83-4855-8117-6FA863AE8BA9}.exe
| MD5 | 7f142d279f6d769736b4637e779645f4 |
| SHA1 | b719e52470b665f23c724a35c7be0de56cdb7726 |
| SHA256 | dee4ff6e58f4a737c7121974841ca59d9cd28cf07031b8af4aae24c57110251f |
| SHA512 | a735091db4295ed55beb4b113554d690ce86fe6d6c7c60ba2c49ce569a648e082d2a9a874f99a794d0cdb786db204557483686ccee04e503653ac60c3438b5dd |
C:\Windows\{C41FE860-1F41-4e02-982F-F300D9204BBE}.exe
| MD5 | 69b8e53fd9afbf4d79ddcfab3eaad3df |
| SHA1 | 53418e9f7a56cc1b815eca0a4929d40b7a2660df |
| SHA256 | e6c80ac166730aade6ac3a93c72e74f5fbf947ca916c71aa5eaef4c1dd3d9864 |
| SHA512 | b29406f8abbda9b17f19af3e20f06e6461c69bff4051575bdc39d6cafbc5a4982808b4cf86b280f14734890cba7a37893da4cd5c28bb5e331f6ceb8d7416d2b9 |
C:\Windows\{90692767-9AA5-44ba-ADF0-C1B781FA909B}.exe
| MD5 | 7a6a15e142979fd8b684a635786682d4 |
| SHA1 | f248eece4c4a98869139850f3635732dbb50ec36 |
| SHA256 | 4a502d181500cbf021140f1f1bb7461486881f5ae4585f973c72b0477bbcf2b5 |
| SHA512 | 1217beafa66581f6e8b5d0087f054475144c0817e052348ec9c04d569f47b724949e3b880fcb97804b86f87196ceda9060f3e2fa902eac54b0e02f969b39be28 |
C:\Windows\{0D6AA90D-493B-4314-8541-88CD700166E2}.exe
| MD5 | 19ea88ec3a9f3491dd6f19db450666b4 |
| SHA1 | 648b6030d7669524917130177b06b6dfee5735cc |
| SHA256 | a43542185a91d908ee6c1fc33ad264913d9336eb011e3f5f55bb2a928e07e54b |
| SHA512 | a84857d3ecdeabbc22386ec246d769a781391d91c3b5e502672018cbfd9c310dbd7058eb09feaa3d86a651814442b9d30e54beb54516d976cc0b38aba91c7897 |
C:\Windows\{CC5D2798-414D-4e1b-9726-DF0A1C2B94FB}.exe
| MD5 | a664c2de655404a12a34aebfe331bdff |
| SHA1 | 8f956574b8cf3a50dd538a67abbce9d3ee68d192 |
| SHA256 | aa70dd3a0fcda38efeea6e77493dc5625ee18b0f8e0c34e6310387ee32814dc2 |
| SHA512 | d87f73c19a8e417b8e60917fe3634a1926caa0441eb28631e1de2192d6350d8f520c1110db584db4d11f764c98bf947616c4418e70a3b5ece67910f9eb0f32cb |
C:\Windows\{FE43BF03-DBBA-4e64-8192-BFB834EB00F2}.exe
| MD5 | 8edbeb5b7e476176b745fc6fb0f2a00f |
| SHA1 | 3b5e7470c0616613115aeb924669ac0201997281 |
| SHA256 | b42f2a55fa9e6a64f36fc76220c5a244663432017083873e03aa9b4446832b8f |
| SHA512 | d73e2f7796d5ebd6731e216c0d6952791589b6b849d81c229a53cd774b3d4bf22e6688765056090bf66585646ac5822dfdc1874114aaf9c8fea8f45daa469f68 |
C:\Windows\{6E99404B-06D2-48bc-AB6C-09C642A09FD7}.exe
| MD5 | a15ec99267fafde4ae25bc0acc8a9347 |
| SHA1 | 19ee8309788a9d97ac4db0325e71fe67c57944df |
| SHA256 | f6bea61c1db195d4a84996bf48761760ddc7dbdc00a5171fc57f3f14f4f90767 |
| SHA512 | 75704bf69d2031063cf8fbd8c69d9617d941343a3ab7b05d976bae6b917e183e874ca8c03d853592830b7c778636a2c1071a63e2121731f361ca416bb7cd3989 |