Analysis Overview
SHA256
ab47f60e736382aaea83ac449682a8908b0f8fbb644d20ff975d9e27f82025c8
Threat Level: Known bad
The file 2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye was found to be: Known bad.
Malicious Activity Summary
Auto-generated rule
Auto-generated rule
Modifies Installed Components in the registry
Executes dropped EXE
Deletes itself
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 16:34
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 16:34
Reported
2024-03-02 16:36
Platform
win7-20240221-en
Max time kernel
144s
Max time network
122s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}\stubpath = "C:\\Windows\\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe" | C:\Windows\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{917EAE3E-966D-4dcb-B063-5EA3481E9237} | C:\Windows\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469} | C:\Windows\{84219630-A311-49de-80BA-A2883CB8BD37}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}\stubpath = "C:\\Windows\\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe" | C:\Windows\{84219630-A311-49de-80BA-A2883CB8BD37}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}\stubpath = "C:\\Windows\\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe" | C:\Windows\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3C6F648C-31CC-43e2-A324-8E1B825038A7}\stubpath = "C:\\Windows\\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe" | C:\Windows\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC} | C:\Windows\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{86067B87-74DD-473d-81AE-BF0AA1EC2608} | C:\Windows\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1DB83913-5521-4194-8E69-C814617D12E3} | C:\Windows\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{1DB83913-5521-4194-8E69-C814617D12E3}\stubpath = "C:\\Windows\\{1DB83913-5521-4194-8E69-C814617D12E3}.exe" | C:\Windows\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A675B80C-A2DB-4008-960E-A92467EDC6F0} | C:\Windows\{1DB83913-5521-4194-8E69-C814617D12E3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{917EAE3E-966D-4dcb-B063-5EA3481E9237}\stubpath = "C:\\Windows\\{917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe" | C:\Windows\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{84219630-A311-49de-80BA-A2883CB8BD37} | C:\Windows\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}\stubpath = "C:\\Windows\\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe" | C:\Windows\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A} | C:\Windows\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{86067B87-74DD-473d-81AE-BF0AA1EC2608}\stubpath = "C:\\Windows\\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe" | C:\Windows\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2} | C:\Windows\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{A675B80C-A2DB-4008-960E-A92467EDC6F0}\stubpath = "C:\\Windows\\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe" | C:\Windows\{1DB83913-5521-4194-8E69-C814617D12E3}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}\stubpath = "C:\\Windows\\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3C6F648C-31CC-43e2-A324-8E1B825038A7} | C:\Windows\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{84219630-A311-49de-80BA-A2883CB8BD37}\stubpath = "C:\\Windows\\{84219630-A311-49de-80BA-A2883CB8BD37}.exe" | C:\Windows\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe | N/A |
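Why this table matters: Active Setup (ATT&CK T1547.014) runs a component's StubPath command once per user. At logon Windows compares each HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID} key (including the Wow6432Node view a 32-bit process writes to) against the user's HKCU copy and runs StubPath for any component that user has not yet recorded. Every stage of this sample registers the next stage's C:\Windows\{GUID}.exe under a fresh GUID, so the chain is re-launched for each user at their next logon. The following is an added detection example, not code from the report or from any sandbox vendor: it scores registry SetValue events in the field shape of Sysmon Event ID 13. The two malicious events are copied from the rows above; the benign contrast event is constructed to resemble a stock Windows entry, the Run-key event is constructed and unrelated, and the last event is a constructed variant that points StubPath into a user-writable folder to show the rule generalising past this sample's GUID naming.

```python
"""Added example: flag Active Setup StubPath writes of the kind the report's
registry table records. Events are constructed dicts using Sysmon Event ID 13
(RegistryEvent: SetValue) field names; see the lead-in for which are real."""
import re
from typing import Dict, List, Tuple

ACTIVE_SETUP_RE = re.compile(
    r"\\Active Setup\\Installed Components\\\{[0-9A-F-]{36}\}\\StubPath$", re.I)
# This sample's naming: a GUID-named .exe directly in the Windows root (not System32).
GUID_EXE_RE = re.compile(r"^[A-Z]:\\Windows\\\{[0-9A-F-]{36}\}\.exe$", re.I)
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
USER_DIR_RE = re.compile(r"^[A-Z]:\\Users\\", re.I)

HKLM_AS = "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\"
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe")

EVENTS: List[Dict[str, str]] = [
    # Copied from the report: the submitted file registers stage 1
    {"EventType": "SetValue", "Image": SAMPLE,
     "TargetObject": HKLM_AS + "{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}\\StubPath",
     "Details": "C:\\Windows\\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe"},
    # Copied from the report: stage 1 registers stage 2
    {"EventType": "SetValue", "Image": "C:\\Windows\\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe",
     "TargetObject": HKLM_AS + "{3C6F648C-31CC-43e2-A324-8E1B825038A7}\\StubPath",
     "Details": "C:\\Windows\\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe"},
    # Constructed benign contrast, shaped like the in-box Internet Explorer per-user entry
    {"EventType": "SetValue", "Image": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"
                     "{89820200-ECBD-11cf-8B85-00AA005B4383}\\StubPath",
     "Details": "\"C:\\Windows\\System32\\ie4uinit.exe\" -UserConfig"},
    # Constructed and not Active Setup at all: this rule must ignore it
    {"EventType": "SetValue", "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\Admin\\AppData\\Local\\Temp\\updater.exe"},
    # Constructed variant: same technique, different naming, user-writable target
    {"EventType": "SetValue", "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\setup.exe",
     "TargetObject": HKLM_AS + "{6F1C2E0A-0000-4000-8000-000000000001}\\StubPath",
     "Details": "C:\\Users\\Public\\svc.exe /quiet"},
]


def stub_image(details: str) -> str:
    """StubPath is a command line: strip wrapping quotes and arguments to get the image."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    return d.split(" ", 1)[0]


def assess(ev: Dict[str, str]) -> List[str]:
    """Reasons to alert on one SetValue event; an empty list means no finding."""
    if ev.get("EventType") != "SetValue" or not ACTIVE_SETUP_RE.search(ev.get("TargetObject", "")):
        return []
    target, image, reasons = stub_image(ev.get("Details", "")), ev.get("Image", ""), []
    if GUID_EXE_RE.match(target):
        reasons.append("StubPath targets a GUID-named executable in the Windows root")
    if GUID_EXE_RE.match(image):
        reasons.append("writer is itself a GUID-named executable in the Windows root")
    if USER_TEMP_RE.search(image):
        reasons.append("writer runs from a user Temp directory")
    if USER_DIR_RE.match(target):
        reasons.append("StubPath targets a user-writable location")
    return reasons


def triage(events: List[Dict[str, str]]) -> List[Tuple[str, List[str]]]:
    """(TargetObject, reasons) for every event that produced at least one reason."""
    findings = []
    for ev in events:
        reasons = assess(ev)
        if reasons:
            findings.append((ev["TargetObject"], reasons))
    return findings


if __name__ == "__main__":
    for key, reasons in triage(EVENTS):
        print(key)
        for r in reasons:
            print("   -", r)
```

The first check is specific to this family's naming; the writer-identity and user-writable-target checks are what carry over to other Active Setup abuse. In production you would also baseline the component GUIDs present on a clean image of each OS build, since legitimate StubPath values are few and stable.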
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe | N/A |
| N/A | N/A | C:\Windows\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe | N/A |
| N/A | N/A | C:\Windows\{84219630-A311-49de-80BA-A2883CB8BD37}.exe | N/A |
| N/A | N/A | C:\Windows\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe | N/A |
| N/A | N/A | C:\Windows\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe | N/A |
| N/A | N/A | C:\Windows\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe | N/A |
| N/A | N/A | C:\Windows\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe | N/A |
| N/A | N/A | C:\Windows\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe | N/A |
| N/A | N/A | C:\Windows\{1DB83913-5521-4194-8E69-C814617D12E3}.exe | N/A |
| N/A | N/A | C:\Windows\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe | N/A |
| N/A | N/A | C:\Windows\{917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe | C:\Windows\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe | N/A |
| File created | C:\Windows\{84219630-A311-49de-80BA-A2883CB8BD37}.exe | C:\Windows\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe | N/A |
| File created | C:\Windows\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe | C:\Windows\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe | N/A |
| File created | C:\Windows\{917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe | C:\Windows\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe | N/A |
| File created | C:\Windows\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe | C:\Windows\{1DB83913-5521-4194-8E69-C814617D12E3}.exe | N/A |
| File created | C:\Windows\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe | N/A |
| File created | C:\Windows\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe | C:\Windows\{84219630-A311-49de-80BA-A2883CB8BD37}.exe | N/A |
| File created | C:\Windows\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe | C:\Windows\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe | N/A |
| File created | C:\Windows\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe | C:\Windows\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe | N/A |
| File created | C:\Windows\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe | C:\Windows\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe | N/A |
| File created | C:\Windows\{1DB83913-5521-4194-8E69-C814617D12E3}.exe | C:\Windows\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe" |
| C:\Windows\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe | C:\Windows\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe | C:\Windows\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{03FD0~1.EXE > nul |
| C:\Windows\{84219630-A311-49de-80BA-A2883CB8BD37}.exe | C:\Windows\{84219630-A311-49de-80BA-A2883CB8BD37}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{3C6F6~1.EXE > nul |
| C:\Windows\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe | C:\Windows\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{84219~1.EXE > nul |
| C:\Windows\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe | C:\Windows\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CA5D9~1.EXE > nul |
| C:\Windows\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe | C:\Windows\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{585DE~1.EXE > nul |
| C:\Windows\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe | C:\Windows\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{86067~1.EXE > nul |
| C:\Windows\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe | C:\Windows\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{24731~1.EXE > nul |
| C:\Windows\{1DB83913-5521-4194-8E69-C814617D12E3}.exe | C:\Windows\{1DB83913-5521-4194-8E69-C814617D12E3}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8F5AF~1.EXE > nul |
| C:\Windows\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe | C:\Windows\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1DB83~1.EXE > nul |
| C:\Windows\{917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe | C:\Windows\{917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{A675B~1.EXE > nul |
Each stage drops and launches the next GUID-named stage in C:\Windows and spawns cmd.exe to delete its own image by its 8.3 short name ({03FD0~1.EXE is {03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe), which is what the "Deletes itself" signature records. The command line names system32\cmd.exe while the image is SysWOW64\cmd.exe: the sample is a 32-bit process (its registry writes land under Wow6432Node), so WOW64 file-system redirection serves the 32-bit cmd.exe. The run ended with the eleventh stage, {917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe, launched and not yet deleted.
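The three tables for this run (file drops, StubPath writes, cmd /c del lines) each describe the same chain from a different angle, and checking them against each other is how you confirm a report is describing one linear loader rather than something with fan-out. The following is an added example, not code from the report or from any sandbox vendor: it reloads the behavioral1 rows as constants copied from the tables above, rebuilds the creator-to-created chain, checks that every hop was registered under Active Setup by the stage that dropped it, and maps each self-delete command back to the stage it removed via its 8.3 short name. The assumption that no short-name collisions (~2, ~3) occurred is stated in the code; nothing here touches a live system.

```python
"""Added example: rebuild the stage chain of the goldeneye run from the
behavioral1 report rows and cross-check three views of it: which stage wrote
which file, which stage registered which Active Setup StubPath, and which
stage each cmd.exe deleted. Data below is copied from the report; nothing is live."""
import re
from typing import Dict, List, Tuple

WIN = "C:\\Windows\\"
SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe")
ASK = "\\REGISTRY\\MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\"
GUID_RE = re.compile(r"\{([0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}", re.I)
STUB_RE = re.compile(r'Installed Components\\\{([0-9A-F-]{36})\}\\stubpath = "(.+)"$', re.I)

FILE_CREATED = [  # "Drops file in Windows directory": (file created, creating process)
    (WIN + "{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe", WIN + "{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe"),
    (WIN + "{84219630-A311-49de-80BA-A2883CB8BD37}.exe", WIN + "{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe"),
    (WIN + "{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe", WIN + "{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe"),
    (WIN + "{917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe", WIN + "{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe"),
    (WIN + "{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe", WIN + "{1DB83913-5521-4194-8E69-C814617D12E3}.exe"),
    (WIN + "{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe", SAMPLE),
    (WIN + "{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe", WIN + "{84219630-A311-49de-80BA-A2883CB8BD37}.exe"),
    (WIN + "{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe", WIN + "{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe"),
    (WIN + "{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe", WIN + "{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe"),
    (WIN + "{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe", WIN + "{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe"),
    (WIN + "{1DB83913-5521-4194-8E69-C814617D12E3}.exe", WIN + "{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe"),
]
STUBPATH_SET = [  # "Set value (str)" rows as printed (value backslashes doubled), writing process
    (ASK + r'{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}\stubpath = "C:\\Windows\\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe"', WIN + "{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe"),
    (ASK + r'{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}\stubpath = "C:\\Windows\\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe"', WIN + "{84219630-A311-49de-80BA-A2883CB8BD37}.exe"),
    (ASK + r'{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}\stubpath = "C:\\Windows\\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe"', WIN + "{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe"),
    (ASK + r'{3C6F648C-31CC-43e2-A324-8E1B825038A7}\stubpath = "C:\\Windows\\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe"', WIN + "{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe"),
    (ASK + r'{1DB83913-5521-4194-8E69-C814617D12E3}\stubpath = "C:\\Windows\\{1DB83913-5521-4194-8E69-C814617D12E3}.exe"', WIN + "{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe"),
    (ASK + r'{917EAE3E-966D-4dcb-B063-5EA3481E9237}\stubpath = "C:\\Windows\\{917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe"', WIN + "{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe"),
    (ASK + r'{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}\stubpath = "C:\\Windows\\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe"', WIN + "{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe"),
    (ASK + r'{86067B87-74DD-473d-81AE-BF0AA1EC2608}\stubpath = "C:\\Windows\\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe"', WIN + "{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe"),
    (ASK + r'{A675B80C-A2DB-4008-960E-A92467EDC6F0}\stubpath = "C:\\Windows\\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe"', WIN + "{1DB83913-5521-4194-8E69-C814617D12E3}.exe"),
    (ASK + r'{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}\stubpath = "C:\\Windows\\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe"', SAMPLE),
    (ASK + r'{84219630-A311-49de-80BA-A2883CB8BD37}\stubpath = "C:\\Windows\\{84219630-A311-49de-80BA-A2883CB8BD37}.exe"', WIN + "{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe"),
]
CMD_LINES = ["C:\\Windows\\system32\\cmd.exe /c del " + t + " > nul" for t in (  # "Deletes itself"
    "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-0~1.EXE", WIN + "{03FD0~1.EXE", WIN + "{3C6F6~1.EXE",
    WIN + "{84219~1.EXE", WIN + "{CA5D9~1.EXE", WIN + "{585DE~1.EXE", WIN + "{86067~1.EXE",
    WIN + "{24731~1.EXE", WIN + "{8F5AF~1.EXE", WIN + "{1DB83~1.EXE", WIN + "{A675B~1.EXE")]


def stage_id(path: str) -> str:
    """A stage is identified by the GUID in its basename; the submitted file is SAMPLE."""
    m = GUID_RE.search(path.rsplit("\\", 1)[-1])
    return m.group(1).upper() if m else "SAMPLE"


def build_chain(file_created: List[Tuple[str, str]]) -> List[str]:
    """Walk creator -> created edges from the one creator nobody created.
    Raises on fan-out or on more than one root; stops if a node repeats."""
    child_of: Dict[str, str] = {}
    for created, creator in file_created:
        if creator in child_of:
            raise ValueError(f"fan-out at {creator}")
        child_of[creator] = created
    chain = [p for p in child_of if p not in child_of.values()]
    if len(chain) != 1:
        raise ValueError(f"expected one root, found {len(chain)}")
    while chain[-1] in child_of and child_of[chain[-1]] not in chain:
        chain.append(child_of[chain[-1]])
    return chain


def unregistered_stages(chain: List[str], stubpath_rows) -> List[str]:
    """Dropped stages whose StubPath was not set by the stage that dropped them to
    exactly the dropped path. An empty result means every hop is persisted."""
    registered = set()
    for indicator, process in stubpath_rows:
        m = STUB_RE.search(indicator)
        if not m:
            raise ValueError("unparsed row: " + indicator)
        guid, value = m.group(1).upper(), m.group(2).replace("\\\\", "\\")
        if value.lower() == (WIN + "{" + guid + "}.exe").lower():
            registered.add((process.lower(), guid))
    return [stage_id(c) for p, c in zip(chain, chain[1:])
            if (p.lower(), stage_id(c)) not in registered]


def self_delete_targets(chain: List[str], cmd_lines: List[str]) -> List[str]:
    """Map each 'cmd /c del X~1.EXE' to the stage it removes. An 8.3 short name keeps
    the first six characters of the long name, which identifies the target here
    because the run created no colliding names (assumption: no ~2/~3 variants)."""
    by_short = {p.rsplit("\\", 1)[-1][:6].upper() + "~1.EXE": stage_id(p) for p in chain}
    hits = []
    for cmd in cmd_lines:
        m = re.search(r"/c del (\S+) > nul", cmd, re.I)
        if m:
            hits.append(by_short.get(m.group(1).rsplit("\\", 1)[-1].upper(), "UNKNOWN"))
    return hits


if __name__ == "__main__":
    chain = build_chain(FILE_CREATED)
    for i, p in enumerate(chain):
        print(f"stage {i:2d}: {stage_id(p)}")
    print("stages without a matching StubPath:", unregistered_stages(chain, STUBPATH_SET))
    print("deleted, in cmd order:", self_delete_targets(chain, CMD_LINES))
```

Running this yields twelve stages (the submitted file plus eleven drops), no unregistered hop, and a delete list that is exactly the chain minus its last element. The forensic consequence is worth stating: every StubPath written during the run except the last points at a file a later stage deleted, so on a compromised host the dangling Installed Components keys under Wow6432Node are the durable artifact, and only the most recent stage's executable is still on disk.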
Network
No network connections were recorded in this run.
Files
C:\Windows\{03FD0D1F-0B4D-42c9-B922-22F64EE0ED1D}.exe
| MD5 | 527c2ec66f152b1000345b6c5014840b |
| SHA1 | db58603eb6ff8fb4b192101b11ed56b997cb88b5 |
| SHA256 | 26e42ad71514d781b0f9a176b3da284560403cd264cfe2843e7dff8782d5bbc9 |
| SHA512 | 6bcd8b3cbd5bf16a79d92f5ad4931d0a8f53f675ec03a0936834439bf443fc040a242aefe4b208b1a163b65332c15111063393589231f0f473a63043cde0a87a |
C:\Windows\{3C6F648C-31CC-43e2-A324-8E1B825038A7}.exe
| MD5 | 079473632baee2085b0ac5d487d88b4a |
| SHA1 | 44ded19a1c03b45534862896d304b44dd4c4e1cf |
| SHA256 | 8d8ad3a2df65fbfef3214dbced47241b7f2da1a781bfd360fcabeafb517413e6 |
| SHA512 | 14553b986aebe9c6197d71e6bea2fac3cb1a8857eb85f53288b2adb53ee0e1d261025bbb3004415c514033e8690750dcfd264ced7a60010d1e9de32b80b184e2 |
C:\Windows\{84219630-A311-49de-80BA-A2883CB8BD37}.exe
| MD5 | c4c180291243cfc4112e8ef882356263 |
| SHA1 | 9228114ff14843777c626f246642b6611b293450 |
| SHA256 | e908fa7da17411de68094dd687f2f1627cd13a825a491f24a0f495701192b8bc |
| SHA512 | cef44f1536d1bf9e166f64c6b202e52e7f05a06e0b71c42fa9fdcd38f1375e5bcc164f16094874c6f9072d4c347b009a7eac5348dd5ae56e606bd4a40c2f617e |
C:\Windows\{CA5D9B95-F6DA-421d-AE69-A2EA98DCD469}.exe
| MD5 | 9279aad4a439505a537b9088f541e6d2 |
| SHA1 | f7088df996d96263ba792e78ddc4e39b633da945 |
| SHA256 | 79f450836900e5f6a78b3b2381f10a07f639250d0b2d9be23bf6b7408324998a |
| SHA512 | 2f2b054775b39ee256667a3766108b9302b7363039e588163235c92f0d33232058c8c2cf326611f1b91f1cc7f732c418c81e1d9b2da1c1501ff31a2ede8d1086 |
C:\Windows\{585DE9F4-48C7-4f5d-84FA-C1C69532B9DC}.exe
| MD5 | d2f4afde128d8f270c5ee3f24a51b654 |
| SHA1 | 6eaa76137064359e5047c1eae2ca2189bc70669e |
| SHA256 | 50b2c415946b265e2ead7fa1bd8c50dd683e3609db2c928421a307cd5610efdb |
| SHA512 | 3a07f6205f5d18e3355dd5ce87338f3b2af1ce1a14f141d61f4bc1072f0bffdae4aa0f93c72096dcfa9e3ba7a449a7bb46459357efb212c130627161401ba545 |
C:\Windows\{86067B87-74DD-473d-81AE-BF0AA1EC2608}.exe
| MD5 | d38e717b3f1893d25a9f06ad8ae778cf |
| SHA1 | e3668d3830a2a0b6b052fac09769fbf374b8fa43 |
| SHA256 | a81e0bff29e2ef71e2dffbbb9b64b2ef895ade76fc5bb81e49b76decb581d45b |
| SHA512 | 1d8dee410456d398dbf8743f4b4512abf1ec6717438e43b7f1b78c7cc517a04e8858c8e0e883393003702ee2dfd63d0e7c92d0e97d037d26a8f26141d83c30c1 |
C:\Windows\{24731FE3-7AAC-44b3-A7B4-3A18A89F78A2}.exe
| MD5 | d1085cb8d35cb97256ecfa340d11a979 |
| SHA1 | 7851f687f550dfea2d6a868c85032098aaf32e65 |
| SHA256 | 92d05bace4193ed5a3292172548047a269a9236d16b0078b27de8bad8a33ae34 |
| SHA512 | 3dcac3312d457212e9ee27b39c73af92466c25c9d31819033851284b0d13077d8f98873c6a78ef72bf03967b04744fd8da0b7adedf14cf3ec43b26057b1cdcd8 |
C:\Windows\{8F5AFE6E-C814-40e0-8B23-994A94C9C67A}.exe
| MD5 | d570c47b496f7239ec19c4f8ac812d3b |
| SHA1 | 0d575e9ac9ff711a1a64a2e941c9bdc1b9c0da97 |
| SHA256 | defb26ccc9f138585180c11e77f311361cfc5dee07c4b2086f5dbd8507bbad8e |
| SHA512 | f4e33dc8f3648558c39863da7a16958d569933b80217083c46ac7d4ca89477d8001e733d452726c0102aa90af0469c672007da429bc78145c8fb011a2419b84b |
C:\Windows\{1DB83913-5521-4194-8E69-C814617D12E3}.exe
| MD5 | 5ed9cdfe9ed340b79d31c2108790c282 |
| SHA1 | a27c1ce795350d6120efe605bd79ff7f5c42ec55 |
| SHA256 | 2dd1fa49d9fb6a555cd067ad8031a209f0e0969d3ec81803d382156c914ffa6a |
| SHA512 | 12decf671123b205248b67d6ce7bebf91bd8075eea5a34afe58a97a7fbc63b893b422c7d49a3b36eb245e0acdd69e52727927ac09d02dac75956c6162a71b15a |
C:\Windows\{A675B80C-A2DB-4008-960E-A92467EDC6F0}.exe
| MD5 | 5399846bcd4dccb5657459e9594598f6 |
| SHA1 | 6f82a830991888afda8b240995d3319f0d0cd13e |
| SHA256 | 9dfb0a1d7f76fef716a05200d5cde97c7aaa6d5380c5addb254f9ab228fb4842 |
| SHA512 | 4265daaf2a80f17378e0bec96a9fe7acddd44ff0ee37956b1cdc4653739f162131826b5cb996453c6132b0526e539df8da261c15d5ad0e8e1a49d12fa7eb0f63 |
C:\Windows\{917EAE3E-966D-4dcb-B063-5EA3481E9237}.exe
| MD5 | 36848ae2d61564b4c99f876128ed7b37 |
| SHA1 | 29e5421c1f02689ad09f139d4dfb0dbe18179e76 |
| SHA256 | f8cf520ec572ece46b73d11a605cacd64805e7d3ed6ec32bb2bd21da10ed5e6a |
| SHA512 | 965762f458496c6cc83ac2992e9a463dd5c7b765759e8028af10c69c0ff55e0066610001a98e5e8edfa7c6403f8c89ad30101d399ac5928e90f0668c8fecb8e1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 16:34
Reported
2024-03-02 16:36
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Auto-generated rule
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{300DE7C2-873C-4fc4-A584-CA5D1F325252}\stubpath = "C:\\Windows\\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe" | C:\Windows\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}\stubpath = "C:\\Windows\\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe" | C:\Windows\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}\stubpath = "C:\\Windows\\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe" | C:\Windows\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{25420D7E-4119-40ae-8B32-15764EF66683}\stubpath = "C:\\Windows\\{25420D7E-4119-40ae-8B32-15764EF66683}.exe" | C:\Windows\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8BA57586-0BF4-4651-8F84-D9E24B3FF680} | C:\Windows\{25420D7E-4119-40ae-8B32-15764EF66683}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}\stubpath = "C:\\Windows\\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe" | C:\Windows\{25420D7E-4119-40ae-8B32-15764EF66683}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9442F68B-EF56-45c0-86B1-A50A6D32F293} | C:\Windows\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0} | C:\Windows\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D} | C:\Windows\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E8E99F58-F2DD-49c8-816E-01D1BD21A4A0}\stubpath = "C:\\Windows\\{E8E99F58-F2DD-49c8-816E-01D1BD21A4A0}.exe" | C:\Windows\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{25420D7E-4119-40ae-8B32-15764EF66683} | C:\Windows\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{300DE7C2-873C-4fc4-A584-CA5D1F325252} | C:\Windows\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD} | C:\Windows\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C} | C:\Windows\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA8AF8A0-AA22-4970-A997-1A93050304C7} | C:\Windows\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{BA8AF8A0-AA22-4970-A997-1A93050304C7}\stubpath = "C:\\Windows\\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe" | C:\Windows\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E8E99F58-F2DD-49c8-816E-01D1BD21A4A0} | C:\Windows\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{865FB709-2B21-4b13-B6BB-6B65A075923F} | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{865FB709-2B21-4b13-B6BB-6B65A075923F}\stubpath = "C:\\Windows\\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe" | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}\stubpath = "C:\\Windows\\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe" | C:\Windows\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9442F68B-EF56-45c0-86B1-A50A6D32F293}\stubpath = "C:\\Windows\\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe" | C:\Windows\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}\stubpath = "C:\\Windows\\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe" | C:\Windows\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EAA9BBB9-03B4-4368-A296-A262594ADC56} | C:\Windows\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EAA9BBB9-03B4-4368-A296-A262594ADC56}\stubpath = "C:\\Windows\\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe" | C:\Windows\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe | N/A |
| N/A | N/A | C:\Windows\{25420D7E-4119-40ae-8B32-15764EF66683}.exe | N/A |
| N/A | N/A | C:\Windows\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe | N/A |
| N/A | N/A | C:\Windows\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe | N/A |
| N/A | N/A | C:\Windows\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe | N/A |
| N/A | N/A | C:\Windows\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe | N/A |
| N/A | N/A | C:\Windows\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe | N/A |
| N/A | N/A | C:\Windows\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe | N/A |
| N/A | N/A | C:\Windows\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe | N/A |
| N/A | N/A | C:\Windows\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe | N/A |
| N/A | N/A | C:\Windows\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe | N/A |
| N/A | N/A | C:\Windows\{E8E99F58-F2DD-49c8-816E-01D1BD21A4A0}.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe | C:\Windows\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe | N/A |
| File created | C:\Windows\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe | C:\Windows\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe | N/A |
| File created | C:\Windows\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe | C:\Windows\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe | N/A |
| File created | C:\Windows\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe | C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe | N/A |
| File created | C:\Windows\{25420D7E-4119-40ae-8B32-15764EF66683}.exe | C:\Windows\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe | N/A |
| File created | C:\Windows\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe | C:\Windows\{25420D7E-4119-40ae-8B32-15764EF66683}.exe | N/A |
| File created | C:\Windows\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe | C:\Windows\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe | N/A |
| File created | C:\Windows\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe | C:\Windows\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe | N/A |
| File created | C:\Windows\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe | C:\Windows\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe | N/A |
| File created | C:\Windows\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe | C:\Windows\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe | N/A |
| File created | C:\Windows\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe | C:\Windows\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe | N/A |
| File created | C:\Windows\{E8E99F58-F2DD-49c8-816E-01D1BD21A4A0}.exe | C:\Windows\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
| Image | Command line |
| C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe | "C:\Users\Admin\AppData\Local\Temp\2024-03-02_1d83b5d5a996b10bd072a83df62b3ae2_goldeneye.exe" |
| C:\Windows\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe | C:\Windows\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul |
| C:\Windows\{25420D7E-4119-40ae-8B32-15764EF66683}.exe | C:\Windows\{25420D7E-4119-40ae-8B32-15764EF66683}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{865FB~1.EXE > nul |
| C:\Windows\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe | C:\Windows\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{25420~1.EXE > nul |
| C:\Windows\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe | C:\Windows\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{8BA57~1.EXE > nul |
| C:\Windows\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe | C:\Windows\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{300DE~1.EXE > nul |
| C:\Windows\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe | C:\Windows\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{D365E~1.EXE > nul |
| C:\Windows\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe | C:\Windows\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{9442F~1.EXE > nul |
| C:\Windows\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe | C:\Windows\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{CDF7E~1.EXE > nul |
| C:\Windows\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe | C:\Windows\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{1DA5C~1.EXE > nul |
| C:\Windows\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe | C:\Windows\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{BA8AF~1.EXE > nul |
| C:\Windows\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe | C:\Windows\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{EAA9B~1.EXE > nul |
| C:\Windows\{E8E99F58-F2DD-49c8-816E-01D1BD21A4A0}.exe | C:\Windows\{E8E99F58-F2DD-49c8-816E-01D1BD21A4A0}.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c del C:\Windows\{5F5ED~1.EXE > nul |
Same drop, launch and self-delete pattern as the Windows 7 run, with a fresh set of GUIDs and one more stage reached within the longer 150 s window.
Network
None of the connections below is attributed to a process in the report. They are reverse (PTR) lookups via 8.8.8.8 plus a single TLS session to g.bing.com, which is consistent with Windows 10 background activity rather than with the sample; the Windows 7 run of the same file produced no network traffic at all. Treat these as sandbox noise unless a process attribution shows otherwise.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 207.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Windows\{865FB709-2B21-4b13-B6BB-6B65A075923F}.exe
| MD5 | 32e5d9650520756648ffe7448ad067d1 |
| SHA1 | c86f5401bffb6833187627c7dbce832a8ad67abb |
| SHA256 | 2e1f480200a1c665f714372fd1873769fa0d2766e80b99c45a127b0d1dfe2706 |
| SHA512 | 56560deed6ec531b294269cf89af8e3d50b9c70828b5d4a81f311a3e99826e8a4fa0d732d8c005a1c104841c2c84bc707dd9ee06caa8fc9a83bb4410e46a0d1e |
C:\Windows\{25420D7E-4119-40ae-8B32-15764EF66683}.exe
| MD5 | ac97d244c93abeaa7f6ce41613452fb0 |
| SHA1 | c7b9c91c6146e57376f20b73acf747ac3149052e |
| SHA256 | 80c660748240f997a9fb1ae6d45612b1d671bc8cc4bcf4dab093e14cbd05bd21 |
| SHA512 | a6ae8ea6ee301ebdc4cfa12d80736ff433c564043ddc2819c0f78f5bef7744b3f7469ced4928041219a9e10d941637cbf3eee2a4cab1146abf9994e9838944f8 |
C:\Windows\{8BA57586-0BF4-4651-8F84-D9E24B3FF680}.exe
| MD5 | 266b09921193f3352a625ac08711f74b |
| SHA1 | b1bc39199bcada051e046534b7e717ff1f0daea5 |
| SHA256 | 1917e63e7639403aa6e8fad4b732cbdabccba37e4b3860c0b6969fe1e5bdfb47 |
| SHA512 | 646035c06d390bfa6d993e50e7ac53e09786160f13cfb775caa14fdc828925a19a4518266092255e7dd4659aa0bac4c57d46fe50cbd29bd94d999be516627b58 |
C:\Windows\{300DE7C2-873C-4fc4-A584-CA5D1F325252}.exe
| MD5 | 48eaab127c27d7b6af12bb6b454b18c6 |
| SHA1 | 8fa2d1cec680c9e36e6ea8e24aa438eef05e22de |
| SHA256 | 9a3b897ec2555f53ce411486e2f30fdca44221f07240e26ed057bc3b6e720180 |
| SHA512 | a47f5bf06428592834afb74ee62c2adb0b84adff5770821477011e5648016042322503bbd11ade46ebc9f87c3b946b361d8750025332de2bb185d934874b3466 |
C:\Windows\{D365E531-7C52-43fc-82F5-B13FB6DF7EBD}.exe
| MD5 | dcb416d1ec3845b863cb70d75d40910f |
| SHA1 | 490043d3db41f44b29d1bcb8ff5db8763f733edc |
| SHA256 | dabbbc5963d1170205251225d863b0ce6d90d09535f7065d16d592f083bde97c |
| SHA512 | 54c3287013049152cf14dfcf50d5fb67e7c76f1cff274666eba5435bf45dce25d3df57a8ff319d0f211c2baa6c8c90d4a9fbf8c8117deb513625c9474576066e |
C:\Windows\{9442F68B-EF56-45c0-86B1-A50A6D32F293}.exe
| MD5 | 45fef899868bd8d6cf82623e45226548 |
| SHA1 | b8fd9de8cb64614529c93f4377ba0f8fccc8c672 |
| SHA256 | 8ee5c8b6f581fd291540b42ece6c9fd367b4b7fb60b35a5d788f38bb4fd18443 |
| SHA512 | 682f5fb80bb0218984c1649e86b261793e7756ef47107f0d5e59b2e84b57122dc4f1534b6db7dd395d257150712344748d092deaf7897f7b0e19f1ae8350b9b0 |
C:\Windows\{CDF7E546-FBB8-4d69-A53F-08DD3BE42FE0}.exe
| MD5 | e17b5730862c1b3de1b80130d734cb70 |
| SHA1 | c38546ba3d30b9a157788a14cc5914cab70e9341 |
| SHA256 | b760807f537c5b044b21f4c321493d1e662bf9ebe559f1316a745da10a3f7208 |
| SHA512 | 4e3bfa9b42afefadce12034263aa1590959594c7126dca8c056d151c69de07e5e88a9125da09ab00827cd14872979cc18bd56d5ec629bdcf1bf80789342c7aba |
C:\Windows\{1DA5CB12-7BC8-40b5-A372-D8265748FC7C}.exe
| MD5 | 16f95a3f3d2342a678076d481d3e60bd |
| SHA1 | faeeef39a170fdce6cc633cb7eb6c47fd407e4de |
| SHA256 | bba073cf337ecc0f820e3c1dc8319a0b3e43711e74abe51ca7c3d6f9f801082a |
| SHA512 | d652b4a0b0b0d8e8c3a67c75101042684d953ad5ee4a5aa0e879189794e6857369060b6afca09b21963b947bddcbe4937bfd8a6e0f1d67dc50601aa329d681fb |
C:\Windows\{BA8AF8A0-AA22-4970-A997-1A93050304C7}.exe
| MD5 | 693d99a8b31127a575159a755ff82fca |
| SHA1 | 6be7a8ac21ba3578b28bb19e32fbe2cfed47a786 |
| SHA256 | 530f696dafcbd875682dc9f56e2e065e0ea9bad59c170d58d52ffbdbb56851ab |
| SHA512 | 72a96c4861edb43d5aa2a2e42e5b4c292e09ea07caaebe9f0fd7ab3658c385536cb4cefc6adecadccf55c493bd70df8834e4d423a7a6af268d733ab144085426 |
C:\Windows\{EAA9BBB9-03B4-4368-A296-A262594ADC56}.exe
| MD5 | bd3d70911a73bd7faa9a10fc4a8e1b4f |
| SHA1 | 5170b2d7eccc7f1886ea2629bdfe331324a4992b |
| SHA256 | 2c39d3c999f9f6dee8811b2358c37978867764ed282d16c730bb012da8324118 |
| SHA512 | 068084f6923887b1a0183b4d9f3ca6bd96478fb141b987f9e48abba3b4e878f164d8750a82bd3c2f03fd8dc98f1deccad53b93c21daae487a0ff60ea16d626be |
C:\Windows\{5F5ED9FC-F9F7-4050-87F1-D77F04AA2E1D}.exe
| MD5 | 9b0c7929e2c4433513e4afa5fdca01f5 |
| SHA1 | 21d688bdc8a7f3846e6ab7d13defd2e22364f31a |
| SHA256 | 3fff279021fbd0f24c81d4deb98c93174c5c26d66f06567c5d536203c06bdc29 |
| SHA512 | a0e9c93b81ad53cc2656e6dadd49d4bc1610a9dae9e4c31d59a1753a79d92c86e42742ea636ced01651c931a90c8cb227f973dfe29022ebbad05cd9ee14cf20c |
C:\Windows\{E8E99F58-F2DD-49c8-816E-01D1BD21A4A0}.exe
| MD5 | b611fd925b7ea322b4c40386f990f411 |
| SHA1 | 7a326d0a79a60b71fe4e79721d45bb8cee858a0a |
| SHA256 | a55428cc30db406081f060bb17154d39890bfebe8f59daaa9d43395e390c249d |
| SHA512 | 3c18911801fd666d083aabc7dc2231fe7b2cb2ddc9e00765be8c445e71af071076480cb8b25d51b1dca887d77f8f5a9a2f9419628f567d90441f4e587a22449b |